The Hidden DANGER of Jinja2 TEMPLATES (Lead to RCE)
In this episode, we explore Server-Side Template Injection, focusing on three challenges related to API security. We demonstrate how to identify and exploit server-side template injection vulnerabilities, execute remote code, and retrieve flags from the system. We emphasize practical techniques for security researchers and highlight the importance of understanding vulnerabilities in web applications.
Takeaways
• Bug Bounty Hub is a new platform for reporting vulnerabilities.
• Server-side template injection can be exploited using Jinja2 templates.
• Understanding the syntax of templates is crucial for exploitation.
• PayloadsAllTheThings is a valuable resource for SSTI.
• Remote Code Execution (RCE) can be achieved through template injection.
• Listing files and directories can reveal sensitive information.
• Unintended pathways in applications can be exploited for challenges.
• Each challenge requires a different approach to find solutions.
• Engaging with the community can enhance learning and discovery.
• Practical demonstrations are essential for understanding security concepts.
Chapters
00:00 Introduction to Bug Bounty Hub Challenges
02:42 Exploring Server-Side Template Injection
05:53 Retrieving Flags and Conclusion
Disclaimer: This video is for educational purposes only. It demonstrates ethical hacking techniques to improve cybersecurity, and MRE Security is not responsible for how viewers choose to use this information.
Video "The Hidden DANGER of Jinja2 TEMPLATES (Lead to RCE)" from the MRE Security channel
Video information
June 26, 2025, 21:01:06
00:07:33