Skip to content
No results
  • Main Blog
  • Offensive Security
  • Ops and Dev
    • SCOM
    • Web Dev
  • Other
    • SEO
  • About
scomurr.com logo banner

Play for serendipity...

  • Main Blog
  • Offensive Security
  • Ops and Dev
    • SCOM
    • Web Dev
  • Other
    • SEO
  • About
scomurr.com minimal logo

Play for serendipity...

ssti lab 7 - featured image
  • SSTI, Security, Web Attacks

SSTI – Server-side template injection with a custom exploit

This one was definitely a step up in complexity. This is the 7th (and final as of Feb 2025) Server-Side Template Injection lab available on the PortSwigger Web Security Academy. I really enjoyed the series and intend on doing additional…

  • scomurr
  • 03/11/2025
ssti lab 6 - featured image
  • SSTI, Security, Web Attacks

SSTI – Server-side template injection in a sandboxed environment

Continuing the series on Server-Side Template Injection (SSTI) based on the PortSwigger Web Security Academy labs. This is the 6th in the series and we’re stepping up to an expert level lab. We’ve moved past rudimentary injection attacks and moved…

  • scomurr
  • 03/04/2025
ssti lab 5 featured image
  • SSTI, Security, Web Attacks

SSTI – Server-side template injection with information disclosure via user-supplied objects

This is the write up for the PortSwigger Web Security Academy 5th lab in the series for Server-Side Template Injection (SSTI). This one is definitely a step up in complexity. This goes beyond identifying the location for the injection and…

  • scomurr
  • 02/25/2025
monkey riding a bike - ssti lab 4 - featured image
  • SSTI, Security, Web Attacks

SSTI – Server-side template injection in an unknown language with a documented exploit

This is the fourth lab from the PortSwigger Web Security Academy on SSTI or Server Side Template Injection. This lab solves in almost exactly the same way as the previous labs – it’s a matter of finding where the vulnerability…

  • scomurr
  • 02/20/2025
SSTI lab 3 - featured image
  • SSTI, Security, Web Attacks

SSTI – Server-side template injection using documentation

This is the third blog post covering server-side template injection and the associated PortSwigger Web Security Academy labs. This one, to me, is a lot like the last one. Like – exactly. That’s ok, though, as practice makes permanent. And…

  • scomurr
  • 02/17/2025
1 2 3 4 … 19
Next
  • ssti lab 7 - featured image
    SSTI – Server-side template injection with a custom exploit03/11/2025
  • ssti lab 6 - featured image
    SSTI – Server-side template injection in a sandboxed environment03/04/2025
  • ssti lab 5 featured image
    SSTI – Server-side template injection with information disclosure via user-supplied objects02/25/2025
  • monkey riding a bike - ssti lab 4 - featured image
    SSTI – Server-side template injection in an unknown language with a documented exploit02/20/2025
  • SSTI lab 3 - featured image
    SSTI – Server-side template injection using documentation02/17/2025

Scomurr.com is partially supported by readers like you. When you purchase products or services through our affiliate links, we may receive a commission. This will bring no extra costs to you and helps us to keep on creating content.

Legal

  • Terms and Conditions
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
  • DMCA
  • GDPR
  • Disclaimer

My Favorites

  • VistaSocial
  • NeuronWriter
  • Canva

Socials

Copyright © 2025 - WordPress Theme by CreativeThemes