Explore server-side template injection vulnerabilities and their potential for remote code execution in modern web applications. Delve into techniques for recognizing template injection, exploiting template engines beyond their intended purpose, and achieving arbitrary code execution. Learn how to craft exploits targeting popular template engines and witness demonstrations of real-world RCE zero-days on corporate web applications. Gain insights into automated detection methods for template injection and discover how to identify and exploit subtle, application-specific vulnerabilities in seemingly secure template systems. This Black Hat conference talk equips security professionals with the knowledge to understand and mitigate this often overlooked attack vector in feature-rich web applications.
Server-Side Template Injection - RCE for the Modern Web App
Overview
Syllabus
Server-Side Template Injection: RCE For The Modern Web App
Taught by
Black Hat
Related Courses
-
Web Hacking Expert - Full-Stack Exploitation Mastery
-
Hacking Modern Desktop Apps with XSS and RCE
-
Diving Into Spooler - Discovering LPE and RCE Vulnerabilities in Windows Printer
-
The Hidden RCE Surfaces That Control the Droids
-
DataBinding2Shell - Novel Pathways to RCE Web Frameworks
-
Room for Escape - Scribbling Outside the Lines of Template Security
