Скачать или смотреть SSTI Complete Lab Breakdown: Server-side template injection with a custom exploit

▹ Watch me Live on Twitch every Monday and Thursday! -   / garr_7  

Portswigger Web Security Academy Server-Side Template Injection (SSTI) Lab: Server-side template injection with a custom exploit - https://portswigger.net/web-security/...

Additional References for Further Exploration:

Solving this Live on Twitch - https://www.twitch.tv/videos/14185665...
HackTricks SSTI Cheat Sheet - https://book.hacktricks.xyz/pentestin...
Awesome In-Depth SSTI Breakdown by PwnFunction -    • Server-Side Template Injections Explained  

------------------------------------------------------------------------------
In this series, we take a look at Web Security Academy's Server-Side Template Injection (SSTI) labs and break them down. The goal is to break down the concepts to not only get to the solution, but talk about methodology and the mental steps we take in order to discover these vulnerabilities in the wild.

Timestamps:
0:00 Intro & Caught in 4k
0:40 Lab Description
1:03 Mapping the Application
1:58 SSTI Discovery
3:14 Important Caveat w/ Templating Payloads
3:40 Attempting Error-Based Enumeration
4:28 PHP + File Upload = Profit?
5:23 Error Message and setAvatar()
6:31 Confirmed Access to Object's Methods
7:27 Attempting to Read Local Files
8:28 How would we find this in the wild?
9:11 Remember to Refresh the Page
9:54 Finding Object's Other Methods
10:46 WARNING! Don't Break Your Lab!
11:05 Deleting the File!
11:51 Recapping the Steps
13:38 Main Takeaways From This Lab
14:23 Outro

------------------------------------------------------------------------------

Music:

“Lovely City”
Produced by Calum Bowen
   • Lovely City  

“Ghosted”
Produced by Bankrupt Beats
   • Видео  

“Morning Tea”
Produced by Jeff Kaale
   • Jeff Kaale - Morning Tea  

“Ikebaby”
Produced by Robotprins
   • Ikebaby (feat. @rymdkraft )