0xbro

Finding SSTI in an EJS app using existing exploits and undocumented features

Mar 29, 2023

Valentine is an easy-difficulty web challenge from the hxp 2022 CTF. It involves exploiting a Server-Side Template Injection (SSTI) vulnerability to obtain remote code execution. Exploitation is possible thanks to an undocumented feature in Express and EJS that allows bypassing the application's security checks and rendering arbitrary templates. The intended solution took a similar approach but used a documented feature, which is covered in the final chapter.

You can find the full writeup here!

https://youtu.be/omMMpjywq64
