Hacking Websites: NodeJS Server-Side Template Injection
https://jh.live/snyk || Try Snyk for free and find vulnerabilities in your code and applications! ➡ https://jh.live/snyk
PS, I’ll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit Transfer exploitation — tune in on November 8th! https://jh.live/wiz360
Free Cybersecurity Education and Ethical Hacking
🔥YOUTUBE ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ https://jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ https://jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ https://jh.live/discord ↔ https://jh.live/twitter ↔ https://jh.live/linkedin ↔ https://jh.live/instagram ↔ https://jh.live/tiktok
💥 SEND ME MALWARE ➡ https://jh.live/malware
by John Hammond
linux web server
I missed the CTF 🙁 Is there a way to play it afterwards?
I'm pretty attracted by this. That teaches us that no one should send any external info back to the front-end without sanitization, or at least hide server info using Apache, Nginx, LiteSpeed kinda stuff.
Please upload the solution to Finders Keepers.
Easy, he says.
This is why you're the best! 🎉
That was marked as an easy challenge? RIP
Awesome content💥💥💥
I spent way too much time trying to get the Snyk scan to work and got so frustrated. "Snyk Code is not supported for org: enable in settings > Snyk Code" How?
snyk test or monitor: "tested 74 dependencies for known issues, no vulnerable paths found." ?
Remember kids, this is not supposed to be difficult. It's just a warmup to loosen your fingers and be ready for the tough stuff.
I must say it is kind of funny Snyk, as a SAST vendor, didn't alert on the vulnerability.
Really fun CTF but honestly, some of the "warm up" exercises (like this one) should have been in the medium category.
❤❤❤❤❤❤❤❤❤❤❤
I kept trying to figure out how to read the flag.txt file using the include function from ejs itself, but you can only load .ejs files that way. I didn't realize it's basically an eval where you can do anything within Node.
Best content every time 🎉 Please share how to hack WhatsApp, please make a brief video ❤
I defaced a prime minister's website 11 years ago. I never spoke about it publicly because too little time had passed and I was afraid of getting prosecuted lol. It was fun. 11 years ago I had just finished high school and ended my education there. Never went to uni, didn't want to waste my precious time, so I found a job in IT instead and here I am 🙂
Felt like these were too involved for "warm-up" flags, and the descriptions weren't great either. This flag's description said Snyk can find it. I spent hours trying to figure out Snyk, only to find out it can't find it (at least from what I could see).
Absolutely ROCKING the OnlyFeet t-shirt, Juan!
I was honestly too dumb to solve everything past the "Read the rules" challenge, although I now could easily follow along when you described and explained it now. Or maybe I was simply too tired…
Good man, John Hammond, good man.
I really enjoyed the CTF! Thanks