▹ Watch me Live on Twitch every Monday and Thursday! - https://twitch.tv/garr_7
Portswigger Web Security Academy Server-Side Template Injection (SSTI) Lab: Server-side template injection with a custom exploit - https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-with-a-custom-exploit
Additional References for Further Exploration:
Solving this Live on Twitch - https://www.twitch.tv/videos/1418566590?t=01h53m54s
HackTricks SSTI Cheat Sheet - https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
Awesome In-Depth SSTI Breakdown by PwnFunction - https://youtu.be/SN6EVIG4c-0
------------------------------------------------------------------------------
In this series, we take a look at the Web Security Academy's Server-Side Template Injection (SSTI) labs and break them down. The goal is not only to reach the solution, but to talk through the methodology and the mental steps we take in order to discover these vulnerabilities in the wild.
Timestamps:
0:00 Intro & Caught in 4k
0:40 Lab Description
1:03 Mapping the Application
1:58 SSTI Discovery
3:14 Important Caveat w/ Templating Payloads
3:40 Attempting Error-Based Enumeration
4:28 PHP + File Upload = Profit?
5:23 Error Message and setAvatar()
6:31 Confirmed Access to Object's Methods
7:27 Attempting to Read Local Files
8:28 How would we find this in the wild?
9:11 Remember to Refresh the Page
9:54 Finding Object's Other Methods
10:46 WARNING! Don't Break Your Lab!
11:05 Deleting the File!
11:51 Recapping the Steps
13:38 Main Takeaways From This Lab
14:23 Outro
------------------------------------------------------------------------------
Music:
“Lovely City”
Produced by Calum Bowen
https://youtu.be/ZGdyS2FDm2U
“Ghosted”
Produced by Bankrupt Beats
https://youtu.be/tl9KWN7UyG4
“Morning Tea”
Produced by Jeff Kaale
https://youtu.be/euQG29OK3-M
“Ikebaby”
Produced by Robotprins
https://youtu.be/APAekwchpkE