Forum Discussion

Bronze II

25 days ago

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

None of the three apps are “breaking” for me. For example the input of {{ dump(_SERVER) }} should return server information in at least one example. But nope.

help & support

QuickSloth

Bronze II

22 days ago

> I just took the sample payload from the briefing
Sorry, which payload is that?

netcat

Silver II

21 days ago

This one: {{$<%=(*`|.'#-%>;}}

QuickSloth
Bronze II
19 days ago
All three apps just echo back that same input.
- netcat
  Silver II
  19 days ago
  Just one more click.
  - QuickSloth
    Bronze II
    19 days ago
    Sorry, but what do you mean by "one more click"?

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Combatting Software Vulnerabilities with GenAI

CVE-2024-5910: Understanding the Critical Expedition Vulnerability

Understanding CVE-2023-49103: A Critical Vulnerability in ownCloud Graph API

Recent Discussions

Web App Hacking (Lab series): CVE-2022-2143 (iView2)

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Wizard Spider DFIR: Ep.10 – Demonstrate Your Skills

Autopsy Ep 3: Tags, Comments and Reports

Logging and Monitoring in AWS: Demonstrate Your Skills