Play for serendipity...
Play for serendipity...
This is the third blog post covering server-side template injection and the associated PortSwigger Web Security Academy labs. This one, to me, is a lot like the last one. Like – exactly. That’s ok, though, as practice makes permanent. And…
Time for the second blog post as in regards to Server-Side Template Injection. This next lab goes a little deeper than the first. For the first lab, all we had to do was identify where a template may be in…
I love hacking. Recently, YesWeHack released a video on YouTube of Brumens’s talk about advanced SSTI techniques from the 2024 Ekoparty conference. This has inspired me to circle back on this topic, redo the Portswigger labs and document. I know…
Reflected origin lab conquered – now, let’s look at when the server side accepts a null origin. Why would a developer ever allow server side to accept a null origin? Sometimes web applications need to use other protocols (file:// for…
It’s time to get back to the labs on PortSwigger Web Security Academy. For this lab, we’re dealing with a CORS vulnerability with Origin reflection. We’re dealing with Same-Origin Policy and Cross-Origin. Here’s a few reference links for additional content:…