January 13, 2025
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
👤 by parzel

The article explores exploiting a Server-Side Template Injection (SSTI) vulnerability in a Spring Boot 3.3.4 application using Thymeleaf, leading to Remote Code Execution (RCE). It highlights the process of injecting malicious input to trigger Java reflection and bypass security defenses in a modern framework. The post provides a detailed walkthrough of achieving RCE despite the robust safeguards present, emphasizing the complexity of exploiting such vulnerabilities in contemporary applications.

📝 Contents:
● Identifying the Bug
● Facing Problems
● Bypassing the Defenses
● Developing the Exploit

https://modzero.com/en/blog/spring_boot_ssti/