-
# Server-Side Template Injection (SSTI)
🔍 Introduction SSTI (Server-Side Template Injection) is an attack in which an attacker gets template code included in an existing template so that it performs the action the attacker wants. Here, the location where the template injection occurs is server…
-
## CVE-2018-13818 - High Severity Vulnerability
Vulnerable Library - twig/twig-v1.35.0
Twig, the flexible, fast, and secure template language for PHP
Library home page: https://api.github.com/repos/…
-
# :star: Challenge idea: Embed Github action in a challenge
### Description
This challenge nicely ties in with the discussion at https://github.com/juice-shop/juice-shop/pull/1687 as discussed ear…
-
Please add these tools.
Subdomains enumeration:
Amass
Assetfinder
Crobat
Findomain
Github-subdomains
Subfinder
Sudomy
subdomainizer
sublister
findomain
Subdomain Takeover:
Subover…
-
It seems that there is a server-side template injection in the code block/inline code.
When I try to add a code block or inline code like `{{ 7*7 }}` it actually renders `49`.
Or if I add `{{ 7*'7…
caueb updated
2 years ago
-
# :bug: Bug report
## Description
When editing the User Profile name, it's possible to leak /etc/passwd as an HTTP request parameter to a remote server.
### Is this a regression?
Unknown.…
-
# EL(Expression Language) Injection
🔍 Introduction EL (Expression Language) Injection is an injection attack against the EL interpreter that processes expressions, and is similar to SSTI and OGNL Injection.
🗡 Offensive techniques Detect…