Tag feed

#ssti

10 posts1 followers

Explore Hashnode

Alternatives

NINeville Iregim0ng00s3-blog.hashnode.devApr 30 · 14 min read

Hack The Box: Bike

Bike is a Linux machine that introduces Server-Side Template Injection (SSTI) in a Node.js application using the Handlebars template engine. The SSTI in the web application can be leveraged to escape

0

MSmaulik srivastavapub.nexttechlabap.inJan 22 · 12 min read

Deconstructing SSRF+SSTI vulns to gain RCE in a Message Broker environment

Description: Rabbit Store is medium level machine from tryhackme to test your basic web testing skills and Linux basics. it can be conquered if u have understanding of SSRF and SSTI vulnerabilities to achieve RCE gain access to shell. Therefore, retr...

0

MSmaulik srivastavamooli.hashnode.devJan 21 · 12 min read

Conquering TryHackMe's:Rabbit_store

Description: Rabbit Store is medium level machine from tryhackme to test your basic web testing skills and linux basics. it can be conquered if u have understanding of SSRF and SSTI vulnerabilities to achive RCEgain access to shell. Therefore, retrie...

0

YKYoussef Ketajstarter-kit-xi-seven.vercel.appSep 20, 2025 · 11 min read

Server-Side Template Injection (SSTI) : De la Détection à l'Exécution de Code

Les Server-Side Template Injection (SSTI) représentent une classe de vulnérabilités particulièrement dangereuses qui permettent aux attaquants d'exécuter du code arbitraire sur les serveurs en exploitant les moteurs de templates côté serveur. Cette v...

0

IAIdo Abramovid0xa.hashnode.devJul 14, 2025 · 3 min read

HackTheBox - Server-side Attacks - Skills Assessment Walkthrough

Scenario You are tasked to perform a security assessment of a client's web application. Apply what you have learned in this module to obtain the flag. Walkthrough Accessing the target URL redirects us to the next page: After browsing the site for a ...

0

ASAbhishek Saikiakingrog.hashnode.devMar 29, 2025 · 6 min read

SSTI Made Easy: Essential Information for All

Today, I completed my first CTF (Capture The Flag) challenge. For those unfamiliar, CTFs are competitions that focus on cybersecurity topics. If you've heard of LeetCode, think of CTFs as similar but focused on cybersecurity (though it's not a perfec...

0

SASayaan Alamblog.sayaan.inNov 22, 2024 · 5 min read

From Template to Threat: Exploiting Freemarker SSTI for Remote Code Execution

Hi Readers! I hope you all are doing well, In this post, I want to discuss a specific type of vulnerability I've encountered: Server-Side Template Injection (SSTI) in Freemarker that can lead to Remote Code Execution (RCE). This vulnerability is part...

0

Eelc4br4xxdbytes.hashnode.devAug 20, 2024 · 4 min read

Late - HackTheBox

En esta ocasión vamos a resolver la máquina Late de la plataforma HackTheBox de nivel Easy en la que tendremos SSTI como explotación y una escalada a través de un pequeño script, que tendremos que modificar. Reconocimiento Reconocimiento de Puerto...

0

CCxnsxlecxnsxle.hashnode.devJul 26, 2023 · 3 min read

SSTI Vulnerability

What is SSTI? Server-side template injection (SSTI) is when an attacker can use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate webpages by combining ...

0

SMsatish Mishratechtonics.hashnode.devApr 8, 2023 · 3 min read

Secure Templating with Jinja2: Understanding SSTI and Jinja2 Sandbox Environment

Jinja2 is a popular templating engine used in Python web applications. It provides a powerful and flexible way to generate dynamic HTML, XML, and other output formats. However, as with any templating engine, it is vulnerable to template injection att...

0

#ssti

Search Hashnode

#ssti

Explore Hashnode

Hack The Box: Bike

Deconstructing SSRF+SSTI vulns to gain RCE in a Message Broker environment

Conquering TryHackMe's:Rabbit_store

Server-Side Template Injection (SSTI) : De la Détection à l'Exécution de Code

HackTheBox - Server-side Attacks - Skills Assessment Walkthrough

SSTI Made Easy: Essential Information for All

From Template to Threat: Exploiting Freemarker SSTI for Remote Code Execution

Late - HackTheBox

SSTI Vulnerability

Secure Templating with Jinja2: Understanding SSTI and Jinja2 Sandbox Environment

Trending tags this week