Forum Discussion

Bronze II

25 days ago

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

None of the three apps are “breaking” for me. For example the input of {{ dump(_SERVER) }} should return server information in at least one example. But nope.

help & support

QuickSloth

Bronze II

22 days ago

> I think there's only one app using twig
I know. And I know which one is running twig. But I try all three for completeness.
I tried this on three different days. And I'm still not able to get anything to return the system information.
(Oops, meant this as a reply to netcat )

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Combatting Software Vulnerabilities with GenAI

CVE-2024-5910: Understanding the Critical Expedition Vulnerability

Understanding CVE-2023-49103: A Critical Vulnerability in ownCloud Graph API

Recent Discussions

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Wizard Spider DFIR: Ep.10 – Demonstrate Your Skills

Autopsy Ep 3: Tags, Comments and Reports

Logging and Monitoring in AWS: Demonstrate Your Skills