
Template Injection

Open oxxy1337 opened this issue 3 years ago • 2 comments

Describe the bug: Inso crashed while uploading files that contain template injection payloads as the file name.

Insomnia is a perfect tool for web pentesting. While uploading a file with "{{7*7}}" as the filename, Inso will render this input and show the following error:

ENOENT: no such file or directory, stat '/Users/oxxy37/Desktop/tmp/49

Inso responds to the injection payload with 49.

Field: Request.body.params[0].fileName

Screenshots Screen Shot 2020-11-10 at 13 41 59

Desktop

  • OS: macOS 10.15.4
  • Installation Method: Insomnia.Core-2020.4.2.dmg
  • App Version: v2020.4.2
  • Curl: curl 7.64.1 (x86_64-apple-darwin19.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2

oxxy1337 avatar Nov 10 '20 12:11 oxxy1337
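Added example, not part of the issue thread and not Insomnia's source: a sketch of how a render pass that walks every string in a request also rewrites the upload path, and how exempting the field named in the report keeps it literal. It assumes the client renders all string fields before sending; `toyRender`, `renderRequest`, `LITERAL_PATHS` and the sample request are hypothetical, and the field path is written without the leading `Request.` prefix.

```javascript
// Added example; not Insomnia's source. The field name follows the issue's
// "Request.body.params[0].fileName"; every other name here is hypothetical.

// Stand-in for a template engine: evaluates only {{ int * int }}.
function toyRender(text) {
  return text.replace(/\{\{\s*(\d+)\s*\*\s*(\d+)\s*\}\}/g,
    (_, a, b) => String(Number(a) * Number(b)));
}

// Paths whose values are literal data (file locations), never templates.
const LITERAL_PATHS = [/^body\.params\[\d+\]\.fileName$/];

// Walk the request and render each string, skipping paths listed in `literal`.
function renderRequest(node, render, literal = [], path = '') {
  if (typeof node === 'string') {
    return literal.some((re) => re.test(path)) ? node : render(node);
  }
  if (Array.isArray(node)) {
    return node.map((v, i) => renderRequest(v, render, literal, `${path}[${i}]`));
  }
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(node)) {
      out[k] = renderRequest(v, render, literal, path ? `${path}.${k}` : k);
    }
    return out;
  }
  return node; // numbers, booleans, null pass through unchanged
}

// Constructed sample request mirroring the report (paths are made up).
const sample = {
  url: 'https://example.test/upload?n={{7*7}}',
  body: { params: [{ name: 'file', type: 'file', fileName: '/tmp/{{7*7}}' }] },
};

// Blanket rendering changes the path that is later passed to stat().
const renderedAll = renderRequest(sample, toyRender);
// With the exemption, the path stays literal while the URL is still rendered.
const renderedSafe = renderRequest(sample, toyRender, LITERAL_PATHS);

console.log(renderedAll.body.params[0].fileName);
console.log(renderedSafe.body.params[0].fileName);
```
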

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar May 28 '21 07:05 stale[bot]

Hi @oxxy1337

Have you tried this on our newest release, available here: https://github.com/Kong/insomnia/releases/tag/core%402022.5.0? Thank you and I await your reply.

kreosus avatar Aug 09 '22 19:08 kreosus

I'm going to close this issue for now. Please feel free to open a new one when you've reproduced it on the latest version.

wongstein avatar Aug 17 '22 13:08 wongstein