For my final yapping session, I noticed that Zoomie used handlebars as a templating engine. Lately, I was checking the Server Side Template Injection (SSTI) vulnerability. So... The concept of Server-Side Template Injection (SSTI) was first publicly introduced by PortSwigger researchers in 2015. It is basically when user input is unsafely embedded into server-side templates. These templates are used by web applications to generate dynamic content by combining user data with predefined structures. For example,

Hello {{ username }}

If 'username' contains an expression that's evaluated (say something like {{3*5}}), it will lead to malicious code execution. Every server side language has its own template engine like for PHP: Smarty, Twig and for Python: Jinja2, Mako and for Java: Freemarker, Velocity. I personally used pug in Node.js for other projects and handlebars for zoomie. If a site uses a template engine, you can determine its type by running the following payload:

Jinja2 (Python Flask/Django): {{ 7*7 }}
Freemarker (Java): ${7*7}
Velocity (Java): #set($a = 7*7)${a}
Thymeleaf (Java): ${7*7}
Twig (PHP Symfony): {{ 7*7 }}
Smarty (PHP): {$7*7}
Mako (Python): <% print 7*7 %>

The exploitation flow goes like: inject crafted payloads into vulnerable fields, and execute arbitrary commands or access sensitive server data, and then escalate privileges for full server control. Let us say for example the site uses Jinja2. If you get a response by running the identification payload, you can then execute commands like whoami on the server.

{{self._TemplateReference__context.cycler.__init__.__globals__.os.popen('whoami').read()}}

You can basically run commands you want directly on the server. This shit has medium or high severity impact since it leads to RCE and stuff. You can just avoid this by validating the user input in the first place.
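
The input validation mentioned at the end of the post, seen from the defender's side, as an added example that is not part of the original post: it flags the template delimiters from the identification list in submitted fields and applies an allow-list to the username. The function names, the allow-list charset and the sample requests are assumptions made for this example.

```python
import re

# Expression delimiters taken from the identification list in the post above.
# Grouping engines under one delimiter is this example's own labelling.
DELIMITERS = {
    "{{ }} (Jinja2, Twig)": re.compile(r"\{\{.*?\}\}", re.S),
    "${ } (Freemarker, Thymeleaf)": re.compile(r"\$\{.*?\}", re.S),
    "#set( (Velocity)": re.compile(r"#set\s*\("),
    "{$ } (Smarty)": re.compile(r"\{\$.*?\}", re.S),
    "<% %> (Mako)": re.compile(r"<%.*?%>", re.S),
}

# Hypothetical allow-list for a display name: letters, digits, space, . _ -
USERNAME_OK = re.compile(r"[A-Za-z0-9 ._-]{1,32}")


def template_syntax_in(value):
    """Return the label of every template delimiter found in value."""
    return [label for label, rx in DELIMITERS.items() if rx.search(value)]


def validate_username(value):
    """Allow-list check: reject anything outside the expected charset."""
    return USERNAME_OK.fullmatch(value) is not None


def review_requests(requests):
    """Flag (field, value) pairs that carry template syntax."""
    findings = []
    for field, value in requests:
        hits = template_syntax_in(value)
        if hits:
            findings.append((field, value, hits))
    return findings


# Constructed sample input, not real traffic.
SAMPLE = [
    ("username", "mira"),
    ("username", "{{ 7*7 }}"),
    ("bio", "price is ${7*7}"),
    ("username", "#set($a = 7*7)${a}"),
    ("comment", "<% print 7*7 %>"),
]

if __name__ == "__main__":
    for field, value, hits in review_requests(SAMPLE):
        print(f"{field}={value!r}: {hits}")
```

The allow-list rejects the probes without needing to know the engine; the delimiter scan is what you would run over logs to see which fields are being tested.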
Elementary school was wild man
I remembered a vivid memory where a grown ass adult guest telling us the difference between email and gmail was that we use electric to send emails and generator to send gmails. Bro should've been sentenced for life
🤣34🔥2
Mira
Elementary school was wild man I remembered a vivid memory where a grown ass adult guest telling us the difference between email and gmail was that we use electric to send emails and generator to send gmails. Bro should've been sentenced for life
destined for a generational trauma,
does cybersec now. God is good
Forwarded from RaGoose
still one of my fav creator
https://www.youtube.com/watch?v=RBRO-YGMYs0
YouTube
Elementary School in a Nutshell
Elementary school was something else. It was fun tho.
Subscribe for more of me!
Wanna see my best vids, voila:- https://www.youtube.com/watch?v=jgdoR5Yb5to&list=PLpSx4Y0USB-8p7hqdj9tej9XQ0kLLjWW3&index=4
Old boys school vid in : https://www.patreon.com…
❤3
life update ?
Anonymous Poll
36%
going well. I just like it
36%
meh. but not a dead man walking
28%
surviving barely
Mira
The expectations of others were the bars I used for my own cage.
I would sacrifice pieces of my flesh, but I'd still be considered selfish for keeping my bones
#stolenpfp
💯4❤2
Mira
cringe songs
want access ?
Miki said they are smh good. not top tier taste like @Su_ch_is_life or any of the peeps who are into Art, but they pass the vibe check for a casual listen while doing some chores. here goes:
https://news.1rj.ru/str/+CmBzrluJ4fExMDRk
Telegram
The Playlist by Mira
my playlist tho i have a messed up music taste
🔥6
Mira
Kinda pausing all my cybersec activities for 7 weeks.
okay
it kinda feels empty without cybersec and coding. the break was meant to take care of my personal stuff, but I am managing to get some time off. so, I am gonna dive into cloud computing to pass the boredom. I am messing around to get a linux server from oracle cloud currently. will keep you updated
❤4⚡1😁1
Robi makes stuff
I've tried my best. Please don't be mad at me if i missed you , ill add you just send me a dm. its 6 am and i haven't slept lol , I'd forget myself in this state. but yeah here is an archive that you can look back at in a few years. Read only link to look…
3
Solo codes
IT FINALLY DROPPED https://youtu.be/RUb-Es7eCwk?si=cHNU9JVM7eHDJsFS
show some love for our boy
do watch and sub
⚡8
in a tribute to brookmg, one of the android chad
https://github.com/brookmg?tab=overview&from=2016-10-01
😁8
Mira
so, I am gonna dive into cloud computing to pass the boredom
Great Learning
Free Cloud Computing Courses Online with Certificates (2026)
Explore free cloud computing courses online with certificates. Learn essential skills in AWS, Azure, Google Cloud, & more, Ideal for IT enthusiasts. Enroll now
⚡2
Mira
hmm... gonna check this https://www.mygreatlearning.com/cloud-computing/free-courses?p=2 #resources
if your intention is to be a cloud engineer or some sorta cloud specialization, the major providers have free academy dedicated to their vendor (like AWS educate) and that often comes with good free cloud resource tier.
but I am learning cloud computing to automate some stuff which can be useful later on. first had the idea from one of the Stok's interview on bug bounty. he basically conducts parallel network scans using Nmap on the cloud, by spinning up multiple VMs or droplets on a service like DigitalOcean with its own unique IP address so that he can run five parallel Nmap scans by giving five different IPs to each of his droplets. for example, if Stok was targeting a website hosted on the West Coast of the United States, he could deploy a droplet in a nearby data center and use the other droplets for different targets. this is distributed traffic and helps in reducing latency and avoiding detection by firewalls and IPS. so this is basically scanning at scale with minimized noise on a target. practically, this has challenges especially given that our instability in internet speed (writing this while my connection is being throttled lmao). plus, misconfiguration and multi-tenant issue might pose a risk for critical scans. generally speaking tho, cloud skills are a must
👌4