we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd’s program. we could show the traditional 49’ number when trying the ‘${7*7}’ command, also we could execute the `assign` directive reference like below. <#assign attribute1="ssti">
<#assign attribute2="test">
${attribute1}${attribute2}
//prints sstitest it clearly looked like freemarker template engine. but we…