Advanced Server-Side Template Exploitation with RCE Everywhere - 2024
Ekoparty Security Conference via YouTube
Overview
Explore novel techniques for exploiting server-side template injections (SSTIs) in this 32-minute conference talk from Ekoparty Security Conference 2024. Discover complex and unique payload development methods that leverage default template engine functionality without requiring quotation marks or additional plugins. Learn the detailed process behind payload discovery and understand how to achieve Remote Code Execution (RCE) while working within strict template limitations. Gain insights into advanced exploitation techniques as demonstrated by security researcher Alex Brumen, who breaks down the methodology for identifying and executing these sophisticated template injection attacks.
Syllabus
Advanced server-side template exploitation with RCE everywhere - Alex Brumen - Ekoparty 2024
Taught by
Ekoparty Security Conference