Discover and read the best of Twitter Threads about #securitytips

1/

Vuln: SSTI

Severity: The severity of the issue depends on the engine that has been used

Server-side template injection occurs when user input is unsafely embedded into a server-side template, allowing users to inject template directives.

#bugbountytips #securitytips #SSTI

2/

Constructing a server-side template injection attack

Detect → Identify → Exploit

• Detect if SST is vulnerable to attack
• Identify the engine that the server uses. There are a huge number of templating languages, characters.
• Develop exploit on received data

3/

How you can detect SSTI:
Try fuzzing the template by injecting a sequence of special characters, such as `${{<%[%'"}}%`
Vulnerable code: render('Hello ' + username)
Request: "vulnerable-website.com/?username=${7*7}"
If the resulting output - `Hello 49` executes a mathematical operation

We found a Remote Code Execution vulnerability in every #PostgreSQL database in #IBMCloud 😱

Here is how we did it: 🧵

#HellsKeychain

We set up a PostgreSQL instance in IBM Cloud and tried to execute code using the 'COPY FROM PROGRAM' statement. Unfortunately, this failed due to insufficient privileges. We were blocked! 🚫

We reviewed all IBM Cloud's proprietary functions that had the 'security definer' flag (meaning they will run as superuser). One of these functions had a SQL Injection vulnerability that we were able to exploit: