FreeMarker SSTI tricks
I recently found a blind FreeMarker SSTI on a BBP. It was not possible to RCE, but I found some nice gadgets to enumerate accessible variables, read data blindly, or perform some DoS. I documented that here if someone is interested:
gist.github.com/n1nj4sec/5e3...
18.12.2024 20:13
I talk about this on the pod all the time, but CSRF is dead simple. You just need to know the conditions.
I'm not gonna recite them again here, but today a new condition came up:
No Content-Type header -> no CSRF restrictions
SameSite: None
POST
= CSRF
The research:
27.11.2024 16:55
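The post above lists the conditions under which a cross-site POST goes through unchecked (SameSite=None cookie, POST, and a request with no Content-Type header that the server never subjects to CSRF checks). The following is an added example of the server-side gate a defender would want, written here for this page rather than taken from the post or the linked research: every state-changing request is denied by default unless Fetch Metadata and the Origin/Referer agree it is same-origin and the Content-Type is on an explicit allow-list, so a missing Content-Type is a rejection rather than a skipped check. The allowed origin `https://app.example`, the media-type allow-list and the function name `csrf_verdict` are assumptions made for the example.

```python
"""Deny-by-default CSRF gate for state-changing requests (constructed example)."""
from typing import Mapping, Tuple
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://app.example"}       # placeholder origin, constructed
ALLOWED_MEDIA_TYPES = {"application/json"}      # explicit allow-list, no wildcard
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def _origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port] in lower case."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_verdict(method: str, headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one request; headers are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method"

    # Modern browsers send Fetch Metadata; anything but same-origin is refused outright.
    site = h.get("sec-fetch-site")
    if site is not None and site.lower() != "same-origin":
        return False, f"Sec-Fetch-Site is {site}"

    # Origin (Referer as fallback) must match the allow-list; absence or "null" fails.
    src = h.get("origin") or h.get("referer")
    if not src:
        return False, "no Origin or Referer header"
    if _origin_of(src) not in ALLOWED_ORIGINS:
        return False, f"origin {_origin_of(src)} not allowed"

    # The condition from the post: a missing Content-Type must not bypass the check.
    ctype = h.get("content-type")
    if ctype is None:
        return False, "missing Content-Type"
    media = ctype.split(";", 1)[0].strip().lower()
    if media not in ALLOWED_MEDIA_TYPES:
        return False, f"Content-Type {media} not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: the third one is the shape the post describes.
    samples = [
        ("GET", {}),
        ("POST", {"Sec-Fetch-Site": "cross-site", "Origin": "https://app.example",
                  "Content-Type": "application/json"}),
        ("POST", {"Origin": "https://app.example"}),
        ("POST", {"Origin": "https://app.example",
                  "Content-Type": "application/json; charset=utf-8"}),
    ]
    for method, hdrs in samples:
        print(method, hdrs, "->", csrf_verdict(method, hdrs))
```

The order of the checks matters: Fetch Metadata is the cheapest and most reliable signal when present, the Origin/Referer comparison covers clients that do not send it, and the Content-Type allow-list runs last so that a request which passes the first two but arrives without a body type is still refused instead of silently treated as exempt.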
27.11.2024 20:10
Wow, crazy trick!! Thank you for sharing this, Justin.
27.11.2024 19:58