logo

DOJO Challenge #28 Winners!

ID: cd922684-ab33-5101-bd69-a5cedda0b2bf

STIX ID: report--cd922684-ab33-5101-bd69-a5cedda0b2bf

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
70/100

Date Published: 2023-11-14

Date Updated: 2026-07-04

...
...

This write-up details exploitation of a server-side template injection (SSTI) in Apache Velocity, showing a working proof-of-concept that leverages Velocity's ClassTool and Runtime.exec to run system commands (demonstrated with `whoami` returning root). It also describes filter-evasion techniques (Quiet Reference Notation and bracketed directives), discusses the risk of full server compromise and lateral movement, and provides remediation guidance such as avoiding user-editable templates, using logic-less engines, input sanitization, and sandboxing.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.