Myles Nieman

SSTI

2 writeups

RedPanda

Easy

A Spring Boot search page reflects user input into a Server-Side Template Injection sink, giving RCE as woodenk; a root-owned log-parser cron is then …

Linux

TemplTrap

Easy

A Langflow AI server exposed on port 80 is exploited via CVE-2026-0770 (SSTI RCE) for an initial shell as karen; screen 5.0.0 setuid-root logging …

Linux