scomurr
scomurr777.bsky.social
🚨 SSTI PortSwigger Lab 7 Writeup 🚨

Deep code analysis, creative exploitation & persistence are key! Detailed errors, exploring beyond the obvious & combining techniques drive success.

https://lnkd.in/gAkCFe6Q

#WebSecurity #CyberSecurity #Infosec #CTF #LearningByDoing
March 12, 2025 at 2:01 PM
More Server-Side Template Injection! 

In this post, I break down the expert-level lab challenge—from initial recon to recursive object enumeration and chained function calls—to uncover hidden sensitive files. 

https://lnkd.in/gPFRksxB

#WebSecurity #SSTI #Infosec #CyberSecurity
March 4, 2025 at 3:02 PM
My latest PortSwigger Web Security Academy lab: 'SSTI with Info Disclosure via User-Supplied Objects.' The lab ramps up the challenge with advanced techniques and real-world scenarios to hone skills with fuzzing & recon. https://lnkd.in/g7_66wBe

#WebSecurity #SSTI
February 25, 2025 at 3:01 PM
This PortSwigger SSTI lab cranks up the challenge—no framework hints, just raw template injection. More recon, more precision.

🔗 Read it here: https://lnkd.in/gNKXp7jq

#BugBounty #OffensiveSecurity #SSTI #WebSecurity
February 20, 2025 at 4:02 PM
🚨 New Blog Post: SSTI Using Documentation 🚨

This SSTI lab is all about using docs to identify the template engine and craft the right exploit. Just methodical recon, execution, and RCE.

🔗 Read it here: https://lnkd.in/gkUCHzhx

#BugBounty #OffensiveSecurity #SSTI #WebSecurity
February 18, 2025 at 3:02 PM
🚨 New Blog Post: SSTI Code Context 🚨

This post is all about understanding how template rendering affects exploitability and utilizing unhandled errors. Less guessing, more control.

🔗 Read it here: https://lnkd.in/gHgA5mZH

#BugBounty #OffensiveSecurity #SSTI #WebSecurity
February 12, 2025 at 3:02 PM
🚨 New Blog Post: Breaking Down SSTI 🚨

This post walks through the first PortSwigger SSTI lab, breaking down the exploit and showing how to turn a simple injection into full control.

🔗 Read it here: https://lnkd.in/g8y3wmwW

#BugBounty #OffensiveSecurity #SSTI #WebSecurity
February 10, 2025 at 3:02 PM
My latest blog dives into the Same-Origin Policy (SOP): what it locks down, what it doesn’t, and why it’s critical for web security.

Check it out here: sc.scomurr.com/understandin...

#WebSecurity #BugBounty #SOP #CyberSecurity
Understanding Same-Origin Policy (SOP) - Scomurr's Blog
What is same-origin policy or SOP? This post digs into why it's important from the standpoint of web defense as well as offensive security.
sc.scomurr.com
December 4, 2024 at 3:19 AM