Lab: Basic server-side template injection (code context)

We see the following web page

Logging in with the credentials we have, we can see:

We can change the preferred name. Capturing the request:

If we inject a basic Tornado SSTI payload:

And we go to the blog to write a comment:

The template has been injected:

Trying this payload

We see an error

If we encode the '+' and add '}}' to close the preceding template expression:

We see

Let's try rm morale.txt
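
Why adding '}}' works, and the corresponding fix, as an added example that is not the lab's code: it assumes the preferred-name value is concatenated into a Tornado template expression, and the `User` record, the `DISPLAY_FIELDS` allowlist and both function names are hypothetical. The vulnerable renderer needs Tornado installed; the fix does not.

```python
from dataclasses import dataclass

try:
    from tornado.template import Template  # only the vulnerable demo needs it
except ImportError:
    Template = None


@dataclass
class User:  # constructed sample record
    name: str
    first_name: str
    nickname: str


# Server-side allowlist (assumed keys): preference value -> attribute to read.
DISPLAY_FIELDS = {
    "name": "name",
    "first_name": "first_name",
    "nickname": "nickname",
}


def render_vulnerable(user, preference):
    """Code-context SSTI: the preference becomes template *source*."""
    if Template is None:
        raise RuntimeError("tornado is not installed")
    # The input sits inside {{ ... }}, so a '}}' in it ends the intended
    # expression and anything after it is compiled as new template code.
    source = "{{" + preference + "}}"
    return Template(source).generate(user=user).decode()


def display_name(user, preference):
    """Fix: treat the preference as a lookup key, never as an expression."""
    field = DISPLAY_FIELDS.get(preference)
    if field is None:
        raise ValueError("unsupported display preference")
    # The returned string is then passed to a fixed template as data.
    return getattr(user, field)


if __name__ == "__main__":
    u = User("Alex Doe", "Alex", "adoe")  # constructed sample
    print(display_name(u, "nickname"))
    if Template is not None:
        # The harmless arithmetic probe is evaluated by the server.
        print(render_vulnerable(u, "user.name}}{{7*7"))
```

With the allowlist in place, a value containing '}}' is rejected before any template is compiled.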
