Ninja
Medium
Web Security
Overview
The "SecureCorp" internal portal has just been updated with a new user activity dashboard and an automated reporting system for administrators. The development team is confident in their security posture, boasting that their use of modern Python-based templating naturally neutralizes common web attacks like Cross-Site Scripting.
Lab Details
Prerequisites & Requirements
- Basic understanding of Flask web framework
- Knowledge of template engines, specifically Jinja2
- Understanding of Client-Side JavaScript and XSS attacks
What will you learn?
- Understanding Flask template rendering mechanisms
- Exploiting template file extension vulnerabilities
- Leveraging XSS to exfiltrate sensitive data
Tools
- Web browser
- Burp Suite or similar proxy tool
- Basic text editor
Job Positions
Penetration Tester
Tags
XSS, SSTI, Input Validation, Broken Access Control, Python