WRITEUP #1809

Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia

OtherSSTIWAF bypass

byJzeeRx

Program

Published

Dec 13, 2022

Added to HackDex

Dec 15, 2022

Read Full Writeuphttps://medium.com/@jazdprince/doing-it-the-researchers-way-how-i-managed-to-get-ssti-server-side-template-injection-which-66b239ca0104

▸ RELATED WRITEUPS

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

OtherSSTI

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Part 2: From Byovdll To Arbitrary Code Execution In Lsass

OtherUse-After-Free

Built with ❤️ by Shubham Rawat