Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 5089 | Remote Code Execution in AT&T | RCE, SSTI, Components with known vulnerabilities | AT&T | Corben Leo (@hacker_) | Bug Bounty | 2017-03-10 | 2023-06-13 |
| 4899 | RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins | RCE | Yahoo! / Verizon Media | Mohamed Haron (@m7mdharon) | Bug Bounty | 2018-01-05 | 2023-06-13 |
| 4676 | Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716] | SSTI | SEOmatic CMS plugin | Sebastian (ha.cker.info) | Bug Bounty | 2018-07-24 | 2023-06-13 |
| 4345 | Frappé Technologies ERPNext Server Side Template Injection | SSTI | ERPNext | Brian Hyde (@0xHyde) | Bug Bounty | 2019-01-23 | 2023-06-13 |
| 4220 | Handlebars template injection and RCE in a Shopify app | SSTI, RCE | Shopify | Mahmoud Gamal (@Zombiehelp54) | Bug Bounty | 2019-04-04 | 2023-06-13 |
| 3939 | Super Glamorous Recon with Intended Functionalities | SSTI, XSS | NA | hateshape (@hateshaped) | Bug Bounty | 2019-09-06 | 2023-06-13 |
| 3915 | RCE with Flask Jinja Template Injection | SSTI, RCE | NA | AkShAy KaTkAr (@AkShAy KaTkAr) | Bug Bounty | 2019-09-17 | 2023-06-13 |
| 3903 | Fuzzing {{7*7}} Till {{P1}} | SSTI | NA | Verneet (@err0rrrrr) | Bug Bounty | 2019-09-23 | 2023-06-13 |
| 3861 | How I hacked 50+ Companies in 6 hrs | SSTI, RCE | NA | Vignesh C (@pwn_r00t) | Bug Bounty | 2019-10-29 | 2023-06-13 |
| 3574 | Limited freemarker ssti to arbitrary liql query and manage lithium cms | SSTI | NA | Mert (@mertistaken) | Bug Bounty | 2020-03-30 | 2023-06-13 |
| 3025 | RCE via Server-Side Template Injection | SSTI, RCE | NA | Gaurav Mishra (@gmishra010) | Bug Bounty | 2020-11-15 | 2023-06-13 |
| 2992 | SSTI to Local File Read | SSTI, LFI | NA | Demon (@R29k_) | Bug Bounty | 2020-12-02 | 2023-06-13 |
| 2953 | SSTI in Google Maps | SSTI | Google | s1r1us (@s1r1u5_) | Bug Bounty | 2020-12-22 | 2023-06-13 |
| 2768 | Stealing user passwords through a VPN’s SSO | Open redirect, SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13 |
| 2711 | Abusing Data Protection Laws For D0xing & Account Takeovers | SSTI, Account takeover | NA | Hx01 (@Hxzeroone) | Bug Bounty | 2021-03-17 | 2023-06-13 |
| 2389 | How I Found Multiple Bugs On FaceBook In 1 Month And a Part For My Methodology & Tools | SSTI, SQL injection, Authentication bypass, Privilege escalation, Reflected XSS | Meta / Facebook | Orwa Atyat (@GodfatherOrwa) | Bug Bounty | 2021-07-23 | 2023-06-13 |
| 1708 | iTop – Template Injection inside customer Portal | SSTI, RCE | Combodo (iTop) | Markus Krell (@MarkusKrell) | Bug Bounty | 2022-03-21 | 2023-06-13 |
| 1600 | EJS, Server side template injection RCE (CVE-2022-29078) - writeup | SSTI, RCE | ejs NetApp | Eslam Salem (@net_code) | Bug Bounty | 2022-04-23 | 2023-06-13 |
| 1210 | RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS rebinding, XSS, Code injection, Unrestricted file upload | SPIP | Laluka (@TheLaluka) | Bug Bounty | 2022-08-16 | 2023-06-13 |
| 1036 | Escalating SSTI to Reflected XSS using curly braces {} | SSTI, XSS | NA | Sagar Sajeev (@Sagar__Sajeev) | Bug Bounty | 2022-09-24 | 2023-06-13 |
| 729 | Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass | SSTI, RCE, WAF bypass | GitHub | Peter M (@h1pmnh) | Bug Bounty | 2022-12-04 | 2023-06-13 |
| 697 | Doing it the researcher’s way: How I Managed to Get SSTI (Server Side Template Injection) which lead to arbitrary file reading on One of the Leading Payment Systems in Asia | SSTI, WAF bypass | NA | JzeeRx | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 532 | Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) | RCE, Arbitrary file write, SSTI, Security code review | Froxlor | Askar (@mohammadaskar2) | Bug Bounty | 2023-01-29 | 2023-06-13 |
| 485 | [CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI | RCE, SSTI, Security code review | NA | Patrick Hener (@C1sc01) | Bug Bounty | 2023-02-07 | 2023-06-13 |
| 282 | SSTI leads to RCE on PyroCMS | SSTI, RCE | PyroCMS | cupc4k3 | Bug Bounty | 2023-03-20 | 2023-06-13 |