Magic Methods

Class Methods

You can access the methods of a class using __dict__.

You can access the functions

Object class

Attributes

You can access the attributes of an object using __dict__. Example:

Class

You can access the class of an object using __class__

You can access the methods of the class of an object chainning magic functions:

Server Side Template Injection

Interesting functions to exploit this vulnerability

__init__.__globals__
__class__.__init__.__globals__

Inside the response search for the application (probably at the end?)

Then access the environment content of the application where you will hopefully find some passwords of interesting information:

__init__.__globals__[<name>].config
__init__.__globals__[<name>].__dict__
__init__.__globals__[<name>].__dict__.config
__class__.__init__.__globals__[<name>].config
__class__.__init__.__globals__[<name>].__dict__
__class__.__init__.__globals__[<name>].__dict__.config

More Information

• https://rushter.com/blog/python-class-internals/

• https://docs.python.org/3/reference/datamodel.html

• https://balsn.tw/ctf_writeup/20190603-facebookctf/#events

• https://medium.com/bugbountywriteup/solving-each-and-every-fb-ctf-challenge-part-1-4bce03e2ecb0 (events)