▹ Watch me live on Twitch every Monday and Thursday! - [ Link ]
PortSwigger Web Security Academy Server-Side Template Injection (SSTI) Lab: Basic server-side template injection - [ Link ]
Additional References for Further Exploration:
HackTricks SSTI Cheat Sheet - [ Link ]
Awesome SSTI Vuln Breakdown by PwnFunction - [ Link ]
Rails Mailer Template Example - [ Link ]
------------------------------------------------------------------------------
In this series, we work through Web Security Academy's Server-Side Template Injection (SSTI) labs. The goal is not only to reach the solution, but also to talk through the methodology and the mental steps we take to discover these vulnerabilities in the wild.
Timestamps:
0:00 Intro
0:12 What are Templates?
1:24 A few examples of template usage
2:03 Simple explanation of SSTI
3:24 SSTI Discovery Steps
4:44 Lab Start: Basic SSTI
7:34 Recap
8:10 Outro
------------------------------------------------------------------------------
Music:
“Lovely City”
Produced by Calum Bowen
[ Link ]
“Morning Tea”
Produced by Jeff Kaale
[ Link ]
“Snickers”
Produced by Epidemic Sound / Damma Beatz
[ Link ]
“Ikebaby”
Produced by Robotprins
[ Link ]