SSTI
Detection
Django Templates engine
Cross-site scripting:
Debug information leak:
Leaking app’s Secret Key (assumes CookieStorage being first message storage):
Admin Site URL leak:
Admin username & password hash leak (assumes admin_log
records exist):
only username
only password
Jinja2
Tools
Resource
Last updated