Tyler's Blog
  • About Me
  • Writeups
    • HackTheBox
      • Linux
        • Cap
        • Backdoor
        • SwagShop
      • Windows
        • Jeeves
    • TryHackMe
      • Rooms
        • Dirty Pipe: CVE-2022-0847
        • Solar, exploiting log4j
        • Spring4Shell: CVE-2022-22965
        • GoldenEye
    • VulnHub
      • GoldenEye
  • Tools
    • Configuration
      • Init
    • Enumeration
      • AutoRecon
      • Subdomain Enumeration
    • GitLeaks
  • Pentesting
    • Privilege Escalation
      • Linux
        • VIM Tricks
    • Reverse Engineering
      • Cutter
      • Immunity Debugger
      • Binary Enumeratoin
    • Misc Commands
      • SSH Tunnel
      • Carve out file from memory
      • Powershell
    • Active Directory
      • Domain Enumeration
    • Application Security
      • SSTI
    • Passwords
      • Hashcat
      • Wordlists
    • C2
      • Metasploit
    • Shells
  • LeetCode
    • Challenges
      • Palindrome Number
      • Two Sum
    • Simple Security Tools
      • Port Scanner
  • Cloud
    • Security Tools
      • Multi Cloud
      • AWS
  • CTF Platforms I Like
    • HackTheBox
    • TryHackMe
    • VulnHub
    • OWASP Juice Shop
  • Connect With Me
    • Linkedin
    • Github
  • 😎Support
    • ko-fi
Powered by GitBook
On this page
  1. Pentesting
  2. Application Security

SSTI

Server Side Template Injection

PreviousApplication SecurityNextPasswords
${{<%[%'"}}%\.    ### For more details see the cobalt strike blog below.
LogoA Pentester’s Guide to Server Side Template Injection (SSTI) | Cobalt BlogCobalt