Articles by Sven Morgenroth
Cross-site Scripting in React Web Applications
Goodbye XSS Auditor
The Problem of String Concatenation and Format String Vulnerabilities
DNSFS: Is it possible to use DNS as a file system?
Discovering and hacking IoT devices using web-based attacks
Bypassing disabled system functions
Using Google bots as an attack vector
The dangers of incorrect CSP implementations
Pros and Cons of DNS Over HTTPS
Detailed Explanation of PHP Type Juggling Vulnerabilities
Server-Side Template Injection Introduction & Example
This article introduces server-side templates and explains why and how they can be susceptible to Server-Side Template Injection (SSTI) vulnerabilities. It includes examples of HTML, PHP and CSS code and concludes with a list of recommendations on how to protect your web applications from attacks that exploit SSTI vulnerabilities.