Overview
Explore server-side template injection vulnerabilities and their potential for remote code execution in modern web applications. Delve into techniques for recognizing template injection, exploiting template engines beyond their intended purpose, and achieving arbitrary code execution. Learn how to craft exploits targeting popular template engines and witness demonstrations of real-world RCE zero-days on corporate web applications. Gain insights into automated detection methods for template injection and discover how to identify and exploit subtle, application-specific vulnerabilities in seemingly secure template systems. This Black Hat conference talk equips security professionals with the knowledge to understand and mitigate this often overlooked attack vector in feature-rich web applications.
Syllabus
Server-Side Template Injection: RCE For The Modern Web App
Taught by
Black Hat