.png)
1 day ago
6 BOOK THIS SPACE FOR AD
ARTICLE AD
Free Link🎈
Hey there!
Life lesson number 237: If they don’t remember your name, just break the system until they do! 😎
Hi, I’m Iski, and today I bring you a wild ride from a friendly registration form to a full-blown Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE). Yup, it’s one of those stories where my name quite literally broke the system.
It all started with good ol’ recon. After sifting through endpoints like a detective with a magnifying glass, I came across a sign-up page. While most people enter their names without a second thought, I saw an opportunity.
Here’s where the fun began. Like every responsible bug hunter, I thought, why not see how they handle my name? Instead of using the boring ol’ “Iski,”, I went with the classic test payload:
{{7*7}}Why? Because if it evaluates to 49, we’re in business.
After submitting the form, I eagerly waited for the welcome email. Guess what? The subject greeted me with:
49, Welcome aboard!Ah, the sweet taste of success. This confirmed an SSI vulnerability, meaning the server was evaluating my payload.
Here’s how the madness unfolded:
Sign Up Time: I hopped onto , and hit that tempting Register button.Evil Name Plot: Instead of a standard name, I…
Bengali (Bangladesh) · 
English (United States) ·