Sayaan Alam · blog.sayaan.in · Nov 22, 2024 · From Template to Threat: Exploiting Freemarker SSTI for Remote Code Execution · Hi Readers! I hope you all are doing well. In this post, I want to discuss a specific type of vulnerability I've encountered: Server-Side Template Injection (SSTI) in Freemarker that can lead to Remote Code Execution (RCE). This vulnerability is part... · 1.7K reads · bug bounty
elc4br4 · elc4br4.hashnode.dev · Aug 20, 2024 · Late - HackTheBox · This time we are going to solve the Late machine from the HackTheBox platform, rated Easy, in which we will have SSTI as the exploitation vector and a privilege escalation through a small script that we will have to modify. Reconnaissance Port Reconnaissance... · HackTheBox🦎CTF Writeup
Cxnsxle · cxnsxle.hashnode.dev · Jul 26, 2023 · SSTI Vulnerability · What is SSTI? Server-side template injection (SSTI) is when an attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate webpages by combining ... · 61 reads · SSTİ
satish Mishra · techtonics.hashnode.dev · Apr 8, 2023 · Secure Templating with Jinja2: Understanding SSTI and Jinja2 Sandbox Environment · Jinja2 is a popular templating engine used in Python web applications. It provides a powerful and flexible way to generate dynamic HTML, XML, and other output formats. However, as with any templating engine, it is vulnerable to template injection att... · 3 likes · 160 reads · Python