Day 98 comes with some readings on continuos recon.
limited freemarker ssti to arbitrary liql query and manage lithium cms by “blog.mert.ninja”
From Rajesh Ranjan. He send an interesting article related to SSTI with a pretty common liql template. It is interesting on how the author can identify the attack vector. You can find the full article here.
Web Cache Poisoning Labs
From Sam (CoffeeJunkie). Before traveling, I spent looking for common web cache vulnerabilities in some of my targets. The results from applying Portswigger Labs was pretty handy due to the practice and methods learned in the lab. If you’re interested in this kind of vulnerability there is an amazing talk from James Kettle.
Besides that I strongly recommend the following article to read:
And of course, the portswigger labs where you can find it here: