Forum Discussion

Bronze III

3 months ago

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

None of the three apps are “breaking” for me. For example the input of {{ dump(_SERVER) }} should return server information in at least one example. But nope.

help & support

QuickSloth

Bronze III

3 months ago

> I just took the sample payload from the briefing
Sorry, which payload is that?

netcat

Silver III

3 months ago

This one: {{$<%=(*`|.'#-%>;}}

QuickSloth
Bronze III
3 months ago
All three apps just echo back that same input.
- netcat
  Silver III
  3 months ago
  Just one more click.
  - QuickSloth
    Bronze III
    3 months ago
    Sorry, but what do you mean by "one more click"?

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Combatting Software Vulnerabilities with GenAI

CVE-2024-5910: Understanding the Critical Expedition Vulnerability

New CTI Lab: CUPS Remote Code Execution Vulnerability – Defensive

Recent Discussions

AI: Plugin Injection - Demonstrate Your Skills

A Letter to Santa

Hack Your First Web App: Ep.6 - Hydra

GuardDuty: Demonstrate Your Skills

Infrastructure Hacking: Responder Network Poisoning