Ultimate SSTI Beginner Guide: From Identify To Exploit
In this video, I took the time to explain in detail what SSTI is and how it occurs. I also take you through the steps you need to follow to identify the templating engine and point you to resources on how to exploit them fully.

Identify:
--------------------
Enter the attack string: {{7*7}}
IF you get 49 back, move on to the next step.
IF you get your original attack vector back, the templating engine is NOT vulnerable and you should move on entirely.

Next step: {{7*'7'}}
IF you get 49 back, the templating engine is Twig, move on to the exploit chapter.
IF you get 7777777 back, the templating engine is Jinja2, move on to the exploit.
IF neither gets returned, there is no vulnerability, move on to the next step.

Next step: A{*comment*}b
IF it resolves, the templating engine is Smarty.
IF it doesn't resolve, move on to the next step.

Next step: ${"z".join("ab")}
IF it resolves, the templating engine is Mako.
IF it doesn't resolve, there is probably no SSTI, move on to CSTI.

Exploit
-------------------
https://portswigger.net/research/serv...
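Seen from the server side, the identification probes listed above leave a recognisable trail in access logs. The following is an added example, not code from the video or its author: it URL-decodes query parameters and flags clients that send several distinct probe shapes in a row. The log lines, addresses, labels and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Probe shapes from the identification steps, matched after URL-decoding.
PROBE_PATTERNS = {
    "arithmetic-braces": re.compile(r"""\{\{\s*\d+\s*\*\s*['"]?\d+['"]?\s*\}\}"""),
    "smarty-comment": re.compile(r"\{\*.*?\*\}"),
    "mako-expression": re.compile(r"\$\{[^}]*\}"),
}

# Client address and request target from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(\S+) .*?"(?:GET|POST|PUT|DELETE|HEAD|PATCH) (\S+) HTTP/[\d.]+"'
)

# Constructed sample log (documentation address range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=shoes HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%7B%7B7*7%7D%7D HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=%7B%7B7*%277%27%7D%7D HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:14 +0000] "GET /greet?name=a%7B*comment*%7Db HTTP/1.1" 200 120',
    '203.0.113.9 - - [01/Jan/2024:10:00:20 +0000] "GET /greet?name=%24%7B%22z%22.join(%22ab%22)%7D HTTP/1.1" 200 120',
]


def find_probes(log_line):
    """Return (client, parameter, label) for each probe shape in one log line."""
    match = REQUEST_RE.match(log_line)
    if not match:
        return []
    client, target = match.groups()
    hits = []
    # parse_qsl percent-decodes names and values, so encoded probes are seen in clear.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in PROBE_PATTERNS.items():
            if pattern.search(value):
                hits.append((client, name, label))
    return hits


def clients_probing(lines, min_distinct=2):
    """Map each client to the distinct probe shapes it sent, if at least min_distinct."""
    seen = {}
    for line in lines:
        for client, _param, label in find_probes(line):
            seen.setdefault(client, set()).add(label)
    return {c: sorted(v) for c, v in seen.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    print(clients_probing(SAMPLE_LOG))
```

A single `{{...}}` in a parameter can be legitimate input, which is why the summary only reports clients that send more than one distinct probe shape.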