MemeShare

Hard | Web Security

Overview

My MemeShare website is finally out!!! I hope I didn’t forget to modify configurations for production. Flag Format: Flag{}

Lab Details

Prerequisites & Requirements

  • Familiarity with basic archive vulnerabilities
  • Familiarity with Python scripting
  • Familiarity with the Server-Side Template Injection (SSTI) vulnerability

What will you learn?

  • How archive extraction can lead to path traversal (zip-slip/tar-slip).
  • How to craft a minimal image carrier (BMP) that passes naive image checks.
  • How to inject template code into overwritten templates (SSTI).
  • How SSTI can lead to remote code execution and reading sensitive files.

Tools

  • Burp Suite (optional, for request replay/inspection).
  • A simple hex editor or small script to craft/modify BMP bytes.

Job Positions

Penetration Tester

Tags

RCE, OWASP Top 10, Python, SSTI, Unrestricted File Upload