Sarrionandia Tournatrack Jinja2 Template Injection Vulnerability in check_id.py

Vulnerability

A critical server-side template injection (SSTI) vulnerability has been identified in Sarrionandia Tournatrack versions up to 4c13a23f43da5317eea4614870a7a8510fc540ec. The issue arises in the check_id.py file, specifically within the Jinja2 template handler. The vulnerability allows for injection through the id parameter, which is not properly validated or sanitized before being processed. This flaw can be exploited locally by sending crafted requests that include malicious Jinja2 expressions. Such exploitation could lead to unauthorized information disclosure, arbitrary code execution on the server, or a denial-of-service condition by causing the application to become unresponsive.

Impact

Exploitation of this vulnerability could result in server-side template injection, allowing attackers to execute arbitrary code, access sensitive information, or cause a denial-of-service condition by overwhelming the server with requests.

Reproduction

To reproduce this vulnerability, send a request to the '/checkID' endpoint with a crafted id parameter that includes Jinja2 template expressions. The application will pass this input to the Jinja2 template for rendering, where it can be executed and potentially lead to information disclosure or code execution.
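One way to look for such requests on the defensive side, as an added example that is not part of the advisory or of Tournatrack's code: a log scan that flags id values on '/checkID' containing Jinja2's default delimiters, including percent-encoded and double-encoded forms. It assumes the id parameter travels in the query string and that the server writes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Jinja2's default openers for expressions, statements and comments.
JINJA_DELIMS = re.compile(r"\{\{|\{%|\{#")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # peel nested percent-encoding (%257B -> %7B -> {)


def fully_decode(value):
    """Percent-decode repeatedly so double-encoded delimiters become visible."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_ids(log_line):
    """Return decoded id values sent to /checkID that contain Jinja2 delimiters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    if url.path.rstrip("/").lower() != "/checkid":
        return []
    # parse_qs decodes once; keep_blank_values keeps empty ids in the list.
    values = parse_qs(url.query, keep_blank_values=True).get("id", [])
    return [v for v in map(fully_decode, values) if JINJA_DELIMS.search(v)]


def scan(lines):
    """Return [(line_number, flagged_values)] for every line with a hit."""
    hits = ((n, suspicious_ids(line)) for n, line in enumerate(lines, start=1))
    return [(n, found) for n, found in hits if found]


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:40:01 +0000] "GET /checkID?id=1042 HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:41:12 +0000] "GET /checkID?id=%7B%7B7*7%7D%7D HTTP/1.1" 200 498',
    '203.0.113.9 - - [09/Jun/2025:19:41:30 +0000] "GET /checkID?id=%257B%257B7*7%257D%257D HTTP/1.1" 200 498',
    '203.0.113.7 - - [09/Jun/2025:19:42:00 +0000] "GET /results?id=%7B%7Bx%7D%7D HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(f"line {number}: Jinja2 delimiters in id -> {found}")
```

A hit only shows that template syntax reached the endpoint; whether it was rendered depends on how the handler uses the value.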

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.