Server-Side Template Injection - RCE for the Modern Web App
Offered By: Black Hat via YouTube
Course Description
Overview
Explore server-side template injection vulnerabilities and their potential for remote code execution in modern web applications. Delve into techniques for recognizing template injection, exploiting template engines beyond their intended purpose, and achieving arbitrary code execution. Learn how to craft exploits targeting popular template engines and witness demonstrations of real-world RCE zero-days on corporate web applications. Gain insights into automated detection methods for template injection and discover how to identify and exploit subtle, application-specific vulnerabilities in seemingly secure template systems. This Black Hat conference talk equips security professionals with the knowledge to understand and mitigate this often overlooked attack vector in feature-rich web applications.
Syllabus
Server-Side Template Injection: RCE For The Modern Web App
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube