▹ Watch me Live on Twitch every Monday and Thursday! - https://twitch.tv/garr_7

Portswigger Web Security Academy Server-Side Template Injection (SSTI) Lab: Server-side template injection in a sandboxed environment - https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-a-sandboxed-environment

Additional References for Further Exploration:

My SSTI Explanation Vid - https://youtu.be/QLqHMMcBXuQ
HackTricks SSTI Cheat Sheet - https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
Awesome In-Depth SSTI Breakdown by PwnFunction - https://youtu.be/SN6EVIG4c-0

------------------------------------------------------------------------------
In this series, we take a look at Web Security Academy's Server-Side Template Injection (SSTI) labs and break them down. The goal is not only to reach the solution, but to talk about the methodology and the mental steps we take in order to discover these vulnerabilities in the wild.

Timestamps:
0:00 Intro
0:14 Lab description review and application mapping
0:57 Leveraging "Edit Template" functionality to enumerate Templating Engine
1:24 Let's try using an application error to enumerate Templating Engine instead
1:42 Discovering FreeMarker is in use
1:50 Finding FreeMarker payloads in HackTricks
2:27 Reading the error and modifying the payload to work
2:56 Final payload
3:18 Recap
3:36 Outro

------------------------------------------------------------------------------

Music:

“Lovely City”
Produced by Calum Bowen
https://youtu.be/ZGdyS2FDm2U

“Ghosted”
Produced by Bankrupt Beats
https://youtu.be/tl9KWN7UyG4

“Ikebaby”
Produced by Robotprins
https://youtu.be/APAekwchpkE