Intigriti (@intigriti)
Followers: 189K · Following: 16K · Media: 3K · Statuses: 12K

Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍

Joined May 2016
Intigriti (@intigriti) · 2 hours
What are your bug bounty goals for this year? 😎
0
0
5
Intigriti (@intigriti) · 15 hours
We only got 2 solves so far, and we truly want to see more solutions coming in! 😎 That's why it's time for the 3rd hint! 💡 "How many tables can you stack before the whole thing falls over?"
0
0
4
Intigriti (@intigriti) · 15 hours
RT @UpCloud: 🔒 Security isn’t an afterthought at UpCloud, it’s built in. Thanks to our partnership with @intigriti, we’ve integrated bug b…
0
1
0
Intigriti (@intigriti) · 15 hours
First blood got acquired by @dr_brix & @terjanq! 🩸 Only a few days left, can you capture the flag and submit your solution before Friday 18th? 😎
Intigriti (@intigriti) · 5 days
⏰ It's CHALLENGE O'CLOCK! 👉 Pop an alert before Friday the 18th of July. 👉 Win €400 in SWAG prizes. 👉 We'll release a tip for every 100 likes on this tweet. Thanks @J0R1AN for the challenge 👇
0
1
10
Intigriti (@intigriti) · 1 day
Learn more about exploiting advanced SSTI vulnerabilities! 👇
0
0
5
Intigriti (@intigriti) · 1 day
💡 Quick tip! Identified a template injection? And function calling is not possible? 🧐 Try to use native template engine features to bypass the restriction! Example! 👇
2
11
58
Intigriti (@intigriti) · 2 days
Still 0 solves on this challenge 👀 Let's help with publishing one more tip! 👇 "To script or not to script, let's make a poll to decide this question."
1
0
13
Intigriti (@intigriti) · 2 days
What if you could only hunt for one vulnerability type for the rest of this year, which one would it be? 🤠
17
0
31
Intigriti (@intigriti) · 3 days
Follow us @INTIGRITI if you'd like us to publish more of these articles! 💙
0
0
8
Intigriti (@intigriti) · 3 days
Most bug bounty hunters overlook GitHub. The place where developers accidentally commit API keys, database credentials, and internal URLs (almost every single day) 🤠 But do you also have what it takes to find those hard-coded secrets? 🧐 In our most recent article, we
1
17
96
Intigriti (@intigriti) · 3 days
00100100 01111011 01101010 01101110 01100100 01101001 00111010 01101100 01100100 01100001 01110000 00111010 00101111 00101111 01101001 01101110 01110100 01101001 01100111 01110010 01101001 01110100 01101001 00101101 01100101 01111000 01100001 01101101 01110000 01101100 01100101
14
3
96
Intigriti (@intigriti) · 3 days
@J0R1AN Time for the first tip! "My identifiers are no longer unique, how on earth will I tell them apart?"
1
1
20
Intigriti (@intigriti) · 4 days
You found this simple SSTI. How are you going to escalate it? 🤠
9
17
163
Intigriti (@intigriti) · 5 days
⏰ It's CHALLENGE O'CLOCK! 👉 Pop an alert before Friday the 18th of July. 👉 Win €400 in SWAG prizes. 👉 We'll release a tip for every 100 likes on this tweet. Thanks @J0R1AN for the challenge 👇
4
13
164
Intigriti (@intigriti) · 5 days
That was it! We hope you've learned something new from this thread! If you have enjoyed this thread: 1. Follow us @INTIGRITI for more of these threads! 🐛 2. Retweet the first Tweet to share it with your friends 💙
0
0
4
Intigriti (@intigriti) · 5 days
If you'd like to learn more about identifying and exploiting server-side template injection vulnerabilities, make sure you read our detailed article! 👇
1
0
6
Intigriti (@intigriti) · 5 days
Even with sandbox restrictions, we can exploit registered global objects using Twig's native features. This complex payload bypasses the sandbox by chaining objects and using filters:
1
0
2
Intigriti (@intigriti) · 5 days
2️⃣ Bypassing sandbox restrictions. Let's now take a look at a more realistic example. When direct functions like file_get_contents() or system() are blocked in sandboxed environments, we'll need to resort to alternative exploitation methods. Here's a Twig example where the
1
1
3
Intigriti (@intigriti) · 5 days
In this Ruby/Sinatra example, the name parameter is directly interpolated into the ERB template without validation. You could for example inject: ?name=%><%=`whoami`. This would execute the 'whoami' command on the server instead of just displaying a name!
1
1
1
Intigriti (@intigriti) · 5 days
1️⃣ Basic SSTI exploitation. Let's start with the simplest example. Suppose you come across a target that directly embeds user input into template syntax without any sanitization. A simple proof of concept payload would allow you to execute arbitrary code on the server!
1
1
1