scomurr's Avatar

scomurr

@scomurr777

9
Followers 19
Following 8
Posts 21.11.2024
Joined
Posts Following

Latest posts by scomurr @scomurr777

SSTI Lab 7 from PortSwigger writup

SSTI Lab 7 from PortSwigger writup

🚨 SSTI PortSwigger Lab 7 Writeup 🚨

Deep code analysis, creative exploitation & persistence are key! Detailed errors, exploring beyond the obvious & combining techniques drive success.

https://lnkd.in/gAkCFe6Q

#WebSecurity #CyberSecurity #Infosec #CTF #LearningByDoing

12.03.2025 14:01 👍 0 🔁 0 💬 0 📌 0
bulldog running through sand - escaping sandbox ssti lab 6

bulldog running through sand - escaping sandbox ssti lab 6

More Server-Side Template Injection! 

In this post, I break down the expert-level lab challenge—from initial recon to recursive object enumeration and chained function calls—to uncover hidden sensitive files. 

https://lnkd.in/gPFRksxB

#WebSecurity #SSTI #Infosec #CyberSecurity

04.03.2025 15:02 👍 1 🔁 0 💬 0 📌 0
a fox hacking - ssti lab 5

a fox hacking - ssti lab 5

My latest PortSwigger Web Security Academy lab: 'SSTI with Info Disclosure via User-Supplied Objects.' The lab ramps up the challenge with advanced techniques and real-world scenarios to hone skills with fuzzing & recon. https://lnkd.in/g7_66wBe

#WebSecurity #SSTI

25.02.2025 15:01 👍 0 🔁 0 💬 0 📌 0
Monkey riding a bike - SSTI lab 4

Monkey riding a bike - SSTI lab 4

This PortSwigger SSTI lab cranks up the challenge—no framework hints, just raw template injection. More recon, more precision.

🔗 Read it here: https://lnkd.in/gNKXp7jq

#BugBounty #OffensiveSecurity #SSTI #WebSecurity

20.02.2025 16:02 👍 0 🔁 0 💬 0 📌 0
A marker escaping prison

A marker escaping prison

🚨 New Blog Post: SSTI Using Documentation 🚨

This SSTI lab is all about using docs to identify the template engine and craft the right exploit. Just methodical recon, execution, and RCE.

🔗 Read it here: https://lnkd.in/gkUCHzhx

#BugBounty #OffensiveSecurity #SSTI #WebSecurity

18.02.2025 15:02 👍 0 🔁 0 💬 0 📌 0
alligator hacking and drinking coffee

alligator hacking and drinking coffee

🚨 New Blog Post: SSTI Code Context 🚨

This post is all about understanding how template rendering affects exploitability and utilizing unhandled errors. Less guessing, more control.

🔗 Read it here: https://lnkd.in/gHgA5mZH

#BugBounty #OffensiveSecurity #SSTI #WebSecurity

12.02.2025 15:02 👍 0 🔁 0 💬 0 📌 0
squirrel drinking coffee and hacking

squirrel drinking coffee and hacking

🚨 New Blog Post: Breaking Down SSTI 🚨

This post walks through the first PortSwigger SSTI lab, breaking down the exploit and showing how to turn a simple injection into full control.

🔗 Read it here: https://lnkd.in/g8y3wmwW

#BugBounty #OffensiveSecurity #SSTI #WebSecurity

10.02.2025 15:02 👍 0 🔁 0 💬 0 📌 0
Preview
Understanding Same-Origin Policy (SOP) - Scomurr's Blog What is same-origin policy or SOP? This post digs into why its important from the standpoint of web defense as well as offensive security.

My latest blog dives into the Same-Origin Policy (SOP): what it locks down, what it doesn’t, and why it’s critical for web security.

Check it out here: sc.scomurr.com/understandin...

#WebSecurity #BugBounty #SOP #CyberSecurity

04.12.2024 03:19 👍 1 🔁 0 💬 0 📌 0