Hello Friends,
I’m Rem01x, and I’m currently preparing for the eWPTX exam, so I will be walking through all the PortSwigger labs and making sure to write writeups for all of them.
Let’s start now.
Assume that we have this website.

Now, let’s do some recon on the application.

Notice that the value of the message parameter is reflected on the page.
Let’s try replacing the message with a simple SSTI payload such as:
<%= 7/0 %>

Great, we got an error: the template engine evaluated the expression and raised an exception, because division by zero is not allowed. A 7/0 probe is a good first test because a plain reflection would just echo the payload back, while an engine that evaluates it either returns a value or fails with an error that usually names the engine.
From the error output we now know that the language is Ruby and the template engine is ERB (ERB is a templating engine, not a framework).
Now let’s try a system command:
<%= system("whoami") %>
Keep in mind that Ruby’s system returns true or false and writes the command’s output to the server process’s stdout, not into the rendered page, so the response may only show “true” even though the command ran. If you need the output reflected in the page, use backticks instead, e.g. <%= `whoami` %>.
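To see why the payload above gets executed, and what the fix looks like, here is an added Ruby example (my own illustration, not the lab’s code or the author’s): a handler that splices the message parameter into the ERB template source, beside one that passes it in as data, with the 7*7 and 7/0 probes run against both. The handler names, the probe helpers and the <p> wrapper are assumptions made for the example.

```ruby
require 'erb'

# Constructed example, not the lab's code: two ways a handler might render a
# "message" query parameter into a page.

# VULNERABLE: the untrusted value is interpolated into the template *source*,
# so any <% %> / <%= %> tags inside it are parsed and executed by ERB.
def render_vulnerable(message)
  template = "<p>#{message}</p>"
  ERB.new(template).result(binding)
end

# HARDENED: the template source is a fixed string and the untrusted value is
# handed to ERB as data, then HTML-escaped, so it only ever reaches the output
# as text. ERB#result_with_hash exposes the hash keys as template locals.
SAFE_TEMPLATE = ERB.new("<p><%= ERB::Util.html_escape(message) %></p>")
def render_safe(message)
  SAFE_TEMPLATE.result_with_hash(message: message)
end

# Detection probe in the spirit of the 7/0 test: if the arithmetic comes back
# evaluated, the value went through the template compiler.
def evaluates_templates?(renderer)
  renderer.call("<%= 7 * 7 %>").include?("49")
end

# Returns the exception class a probe raises, or nil if rendering succeeded.
# With the vulnerable handler, "<%= 7 / 0 %>" raises ZeroDivisionError, which is
# the error-based signal the lab walkthrough relies on.
def probe_error(renderer, payload)
  renderer.call(payload)
  nil
rescue StandardError => e
  e.class
end

if __FILE__ == $0
  payload = "<%= 7 * 7 %>"
  puts render_vulnerable(payload)  # <p>49</p>: the tag was executed
  puts render_safe(payload)        # <p>&lt;%= 7 * 7 %&gt;</p>: echoed as text
  puts probe_error(method(:render_vulnerable), "<%= 7 / 0 %>")  # ZeroDivisionError
  puts probe_error(method(:render_safe), "<%= 7 / 0 %>").inspect  # nil
end
```

The takeaway is that the bug is not in ERB but in building the template from user input; once the value is passed as data, the same payloads are just text, and a `<%= system(...) %>` payload never reaches Ruby.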
