RedPanda - HackTheBox Writeup (10.10.11.170)
Easy-difficulty Linux box on exploiting a server-side template injection vulnerability in a Spring Boot web application, then a not-so-easy privilege escalation involving an XML external entity injection vulnerability in a custom view counter script.