- Published on
Exploiting path traversal in a tar file extraction process to overwrite a rendered template, leading to Server-Side Template Injection (SSTI) and ultimately achieving Remote Code Execution (RCE)
Path-traversal
All Posts
- web (5)
- exploitation (4)
- whack-a-scratch (2)
- ctf (2)
- writeup (2)
- sql-injection (2)
path-traversal (2)
- ssti (2)
- rce (2)
- hatagawa (1)
- hatagawa-ii (1)
- cryptography (1)
- crypto (1)
- blackhat (1)
- blackhat-2025 (1)
- blackhat2025 (1)
- ctf-writeup (1)
- flagyard (1)
- codecon (1)
- ejs (1)
- ejs-exploit (1)
- blind-sql (1)
- file-upload-vulnerbility (1)
- extract-vulnerbility (1)
- jwt (1)
- graphql (1)
- lfi (1)
- Published on
Exploiting a path traversal vulnerability to upload a malicious file, leveraged local file inclusion (LFI) to execute it, used Server-Side Template Injection (SSTI) to gain Remote Code Execution (RCE), and ultimately located and read the flag from the server.