SSTI Complete Lab Breakdown: Basic server-side template injection (code context)

8,708 views

Seven Seas Security

1 day ago

Comments: 26
@DG-qt3qn 2 years ago
FINALLY someone made quality informative videos on Burp labs. Some of their labs are extremely complex and the solutions don't explain how to realistically solve them.
@7SeasSecurity 2 years ago
Hey! Appreciate the comment. We were really excited to be able to put this stuff out and have PortSwigger list us on there. I hope it was helpful! Planning to do the rest of the labs over time!
@JuanBotes 2 years ago
What I really enjoy about this and other videos from you is the clear explanation of finding, identifying, and determining the template used in the framework, then from there you show nicely how you do your payload testing and exploitation, really thanks \o/
@7SeasSecurity 2 years ago
Really appreciate the kind words! My goal with covering these labs was to tackle them similar to how I would on a pentest. I wanted to convey not only the solution, but also some reproducible discovery methodology and things that stand out to me to hopefully give some helpful tips. Glad to hear it's been helpful so far! Thanks so much for the support!
@7SeasSecurity 2 years ago
Hey all! Appreciate you checking out the vid. Had some audio syncing issues with this one, but wanted to make sure I got it out there raw with the errors we encountered. I got some feedback that it's good to see troubleshooting live, so I kept it in. Hope that works alright! Got new hardware, so shouldn't run into this issue in the future. Appreciate your patience!
@nasombradocodigo 2 years ago
This is the type of content that we needed about the PortSwigger labs!! So informative and with great explanation
@7SeasSecurity 2 years ago
Really appreciate that! It's been really great being able to share my perspective / methodology through these videos. Thanks so much for checking out the video!
@MaximMikhAntonov 1 year ago
Perfect. Love ur style - clear and concise.
@7SeasSecurity 1 year ago
Hey, really appreciate the kind words. I hope the video was helpful!
@suder54ULs 6 months ago
Best resource among all I have to check. Good. Keep going.
@7SeasSecurity 5 months ago
Really appreciate that!
@mf-11111 1 year ago
Whoaa! Thank you for that content! New sub
@nishantdalvi9470 8 months ago
Hey bro, at 1:27 none of the posted comments gets evaluated to 49. So from this can we conclude that the HTML page represented by the web server when we make a request at the route /post?postId=3 is not being rendered by the template engine (Tornado in this lab), and instead just the username is being evaluated somewhere else by the template engine, and that dynamically generated username is simply presented in the blog post's comment section?
@wakedxy 2 years ago
Well explained. Thank you
@7SeasSecurity 1 year ago
Thanks so much for the kind words. I hope the video was helpful!
@mohammadrasheed8402 2 years ago
Awesome explanation. Thanks for the video.
@7SeasSecurity 2 years ago
No problem at all! Really appreciate you checking out the video!
@IT-hk5up 2 years ago
Really good video. Thanks Seven
@7SeasSecurity 2 years ago
Thanks so much! I hope the video was helpful. Appreciate you checking it out!
@علیآقابیگی-ذ5غ 1 year ago
tnx
@tmz900x0 2 years ago
Good video!
@7SeasSecurity 2 years ago
Thank you! Hope it was helpful. Really appreciate you checking out the video!
@artivishwakarma6087 1 year ago
Best video. Can you share social media accounts and make more videos?
@kshyamasagarminz697 1 year ago
🎇🎇🎇🎇