Jan 22 · 12 min read · Description: Rabbit Store is a medium-level machine from TryHackMe to test your basic web testing skills and Linux basics. It can be conquered if you have an understanding of SSRF and SSTI vulnerabilities to achieve RCE and gain access to a shell. Therefore, retr...
Jan 21 · 12 min read · Description: Rabbit Store is a medium-level machine from TryHackMe to test your basic web testing skills and Linux basics. It can be conquered if you have an understanding of SSRF and SSTI vulnerabilities to achieve RCE and gain access to a shell. Therefore, retrie...
Sep 20, 2025 · 11 min read · Server-Side Template Injection (SSTI) vulnerabilities are a particularly dangerous class of vulnerabilities that allow attackers to execute arbitrary code on servers by exploiting server-side template engines. This v...
Jul 14, 2025 · 3 min read · Scenario You are tasked to perform a security assessment of a client's web application. Apply what you have learned in this module to obtain the flag. Walkthrough Accessing the target URL redirects us to the next page: After browsing the site for a ...
Mar 29, 2025 · 6 min read · Today, I completed my first CTF (Capture The Flag) challenge. For those unfamiliar, CTFs are competitions that focus on cybersecurity topics. If you've heard of LeetCode, think of CTFs as similar but focused on cybersecurity (though it's not a perfec...
Nov 22, 2024 · 5 min read · Hi Readers! I hope you all are doing well. In this post, I want to discuss a specific type of vulnerability I've encountered: Server-Side Template Injection (SSTI) in Freemarker that can lead to Remote Code Execution (RCE). This vulnerability is part...
Aug 20, 2024 · 4 min read · This time we are going to solve the Easy-level machine Late from the HackTheBox platform, in which we will have SSTI as the exploitation path and an escalation through a small script that we will have to modify. Reconnaissance Port reconnaissance...
Jul 26, 2023 · 3 min read · What is SSTI? Server-side template injection (SSTI) is when an attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate webpages by combining ...
Apr 8, 2023 · 3 min read · Jinja2 is a popular templating engine used in Python web applications. It provides a powerful and flexible way to generate dynamic HTML, XML, and other output formats. However, as with any templating engine, it is vulnerable to template injection att...