- Published on
Exploiting path traversal in a tar file extraction process to overwrite a rendered template, leading to Server-Side Template Injection (SSTI) and ultimately achieving Remote Code Execution (RCE)
Extract-vulnerbility
All Posts
- web (5)
- exploitation (4)
- whack-a-scratch (2)
- ctf (2)
- writeup (2)
- sql-injection (2)
- path-traversal (2)
- ssti (2)
- rce (2)
- hatagawa (1)
- hatagawa-ii (1)
- cryptography (1)
- crypto (1)
- blackhat (1)
- blackhat-2025 (1)
- blackhat2025 (1)
- ctf-writeup (1)
- flagyard (1)
- codecon (1)
- ejs (1)
- ejs-exploit (1)
- blind-sql (1)
- file-upload-vulnerbility (1)
extract-vulnerbility (1)
- jwt (1)
- graphql (1)
- lfi (1)