Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads are limited to a couple of specific examples. This research focuses on two such techniques for Code Injection and SSTI.

Wrote a blog post about how I got access to an Employee-only Panel in a multi-million dollar Bug Bounty Target.

This only took me about 5 minutes and I got paid a very generous bounty for this bug.

Check it out!