Forum Discussion

Bronze III

9 months ago

Solved

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

None of the three apps are “breaking” for me. For example the input of {{ dump(_SERVER) }} should return server information in at least one example. But nope.

help & support

netcat
9 months ago
I just took the sample payload from the briefing, and it works on the first app, causing an error.
I think there's only one app using twig, where the above string would trigger.
SSTI...not my favorite.

netcat

Advocate

9 months ago

I just took the sample payload from the briefing, and it works on the first app, causing an error.
I think there's only one app using twig, where the above string would trigger.
SSTI...not my favorite.

QuickSloth

Bronze III

9 months ago

> I just took the sample payload from the briefing
Sorry, which payload is that?

netcat
Advocate
9 months ago
This one: {{$<%=(*`|.'#-%>;}}
- QuickSloth
  Bronze III
  9 months ago
  All three apps just echo back that same input.
  - netcat
    Advocate
    9 months ago
    Just one more click.

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Featured Places

Help

Related Content

Server-Side Request Forgery

Server-Side Request Forgery Web App Hacking

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Server-Side Request Forgery Q6 & Q7

File Inclusion Vulnerabilities Lab (Purple Belt)

Recent Discussions

No files show up in the Microsoft Azure Basics: Function Apps lab

AI Plugin Injection

Git Security: Git History

Introduction to Detection Engineering: Ep.5 – Custom Alerting

Jinja2 Pen test