Back to directory

WRITEUP #5439

Handlebars template injection and RCE in a Shopify app

RCESSTI

by@Zombiehelp54(Mahmoud Gamal)

Bounty

10,000

Program

Shopify

Published

Apr 4, 2019

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html

▸ RELATED WRITEUPS

WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)

Chaining Three Bugs to Access All Your ServiceNow Data

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat