▹ Watch me Live on Twitch every Monday and Thursday! - https://twitch.tv/garr_7
Portswigger Web Security Academy Server-Side Template Injection (SSTI) Lab: Server-side template injection in an unknown language with a documented exploit - https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit
Additional References for Further Exploration:
Payload Origin from Mahmoud Gamal's SSTI Shopify HackerOne Event - http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html
My SSTI Explanation Vid - https://youtu.be/QLqHMMcBXuQ
HackTricks SSTI Cheat Sheet - https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
Awesome In-Depth SSTI Breakdown by PwnFunction - https://youtu.be/SN6EVIG4c-0
------------------------------------------------------------------------------
In this series, we take a look at Web Security Academy's Server-Side Template Injection (SSTI) labs and break them down. The goal is to break down the concepts to not only get to the solution, but talk about methodology and the mental steps we take in order to discover these vulnerabilities in the wild.
Timestamps:
0:00 Intro
0:12 Lab Start: Mapping the Application
1:10 Leveraging payloads from Hacktricks to enumerate the Templating Engine
1:54 Searching Hacktricks for payloads and discovering Mahmoud Gamal's payload
2:32 Quick payload modification
3:07 Changing the payload to complete the lab
3:24 Real-world usage of payload using Burp Collaborator
4:11 Recap
4:35 Outro
------------------------------------------------------------------------------
Music:
“Lovely City”
Produced by Calum Bowen
https://youtu.be/ZGdyS2FDm2U
“Snickers”
Produced by Epidemic Sound / Damma Beatz
https://youtu.be/CHZzUYcASDQ
“Ikebaby”
Produced by Robotprins
https://youtu.be/APAekwchpkE