<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HackTheBox - iClean</title>
        <link>https://stream.echo6.co/videos/watch/b2e888aa-85f3-477d-8c3d-4b5a17ab88fa</link>
        <description>00:00 - Introduction 01:00 - Start of nmap 02:00 - Taking a look at the website 04:00 - Testing the Get a Quote feature for XSS 06:30 - Weaponizing the img src XSS test by adding fetch to attempt to exfil the cookies 10:00 - Looking at the dashboard and seeing what features are available 13:00 - Discovering SSTI in the QR Code feature; basic SSTI works, but anything complex fails without evasion 18:30 - Explaining the SSTI evasion with Jinja2/Python 25:45 - Shell returned on the machine, discovering Consuela's password in MySQL 29:45 - Consuela can run qpdf as root, looking at the man page and discovering it can attach files</description>
        <lastBuildDate>Wed, 15 Apr 2026 09:24:06 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>PeerTube - https://stream.echo6.co</generator>
        <image>
            <title>HackTheBox - iClean</title>
            <url>https://stream.echo6.co/client/assets/images/icons/icon-512x512.png</url>
            <link>https://stream.echo6.co/videos/watch/b2e888aa-85f3-477d-8c3d-4b5a17ab88fa</link>
        </image>
        <copyright>All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.</copyright>
        <atom:link href="https://stream.echo6.co/feeds/video-comments.xml?videoId=b2e888aa-85f3-477d-8c3d-4b5a17ab88fa" rel="self" type="application/rss+xml"/>
    </channel>
</rss>