← LibraryTechnique entry
W-SSTI-FREEMARKERExecution
SSTI — Freemarker / Velocity
${} / #{} template expressions reach Java ProcessBuilder via reflection — typical in Atlassian Confluence / Bitbucket exploits.
§ Where this technique fits
W-SSTI-FREEMARKER is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.