-
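Another thing: some challenges require logging in before SSTI injection is possible. In that case, if you enter the link directly without having logged in, it redirects to the login page and only works after logging in. Please add support for this case.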
-
Vulnerable Library - spring-boot-starter-thymeleaf-2.7.1.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/th…
-
[link]https://github.com/epinna/tplmap[/link]
[short_descr] Server-Side Template Injection and Code Injection Detection and Exploitation Tool [/short_descr]
[tags]ssti,injection[/tags]
[long_descr]…
-
### What happened?
Hello, I updated CrowdSec to version 1.6.2, and upon restarting the CrowdSec service, an error was flagged as the connection to the API on port 8080 was being refused. Upon reviewi…
-
I made a template to see if I can automate my SSTI exploits but unfortunately curly brackets in the payload don't work.
I'm sure nuclei is processing them as a variable or something but I couldn't fin…
-
## CVE-2023-38286 - High Severity Vulnerability
Vulnerable Libraries - spring-boot-admin-server-2.2.2.jar, thymeleaf-3.0.11.RELEASE.jar
spring-boot-admin-server-2.2.2.jar
Spring Boot Admin Server
…
-
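Hello, I found a new problem: when a web application requires two parameters to be submitted and one of them has an SSTI vulnerability, the other parameter must also be given a value for the result to be output, otherwise an error is shown. From what I can see, the current code brute-forces the parameters one at a time, so it never finds anything. Please fix this.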
-
```yaml
id: apache-struts2-cve-2023-50164
info:
  name: Apache Struts2 CVE-2023-50164 Vulnerability Detection
  author: emadshanab
  severity: high
  description: Detects a directory traversal v…
```
-
Could not use pytest parallel at all on my Mac.
Tried to reinstall, to update it (with pip3). Tried to run in different modes (with and without specified workers), but it didn't help: each run caused…