Back to directory

WRITEUP #5567

Frappé Technologies ERPNext Server Side Template Injection

OtherSSTI

by@0xHyde(Brian Hyde)

Program

ERPNext

Published

Jan 23, 2019

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://medium.com/bugbountywriteup/frapp%C3%A9-technologies-erpnext-server-side-template-injection-74e1c95ec872

▸ RELATED WRITEUPS

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Part 2: From Byovdll To Arbitrary Code Execution In Lsass

OtherUse-After-Free

Built with ❤️ by Shubham Rawat