Forum Discussion

Bronze III

1 year ago

Solved

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

None of the three apps are “breaking” for me. For example the input of {{ dump(_SERVER) }} should return server information in at least one example. But nope.

help & support

netcat
1 year ago
I just took the sample payload from the briefing, and it works on the first app, causing an error.
I think there's only one app using twig, where the above string would trigger.
SSTI...not my favorite.

QuickSloth

Bronze III

1 year ago

> I just took the sample payload from the briefing
Sorry, which payload is that?

netcat

Advocate

1 year ago

This one: {{$<%=(*`|.'#-%>;}}

QuickSloth
Bronze III
1 year ago
All three apps just echo back that same input.
- netcat
  Advocate
  1 year ago
  Just one more click.
  - QuickSloth
    Bronze III
    1 year ago
    Sorry, but what do you mean by "one more click"?

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Featured Places

Help

Related Content

Server-Side Request Forgery

Server-Side Request Forgery Web App Hacking

Cross_site Scripting DOM-based XSS vulnerability

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Server-Side Request Forgery Q6 & Q7

Recent Discussions

Hafnium: Detection of IoCs - Question 5

Apache Header Tampering

Ransomware: Darkside - Question 9

Ransomware: Darkside - Question 8

AI Blue Teaming Foundations: Introduction to AI Blue Teaming (Part 2) - Q7 Impossible