expression-language-injection
SKILL: Expression Language Injection — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert EL injection techniques covering SpEL (Spring), OGNL (Struts2), and Java EL (JSP/JSF). Distinct from SSTI — EL injection targets expression evaluators in Java frameworks, not template engines. Covers sandbox bypass, _memberAccess manipulation, actuator abuse, and real-world CVE chains.
0. RELATED ROUTING
- ssti-server-side-template-injection for template engines (Jinja2, FreeMarker, Twig) — different attack surface
- jndi-injection when EL evaluation leads to JNDI lookup
Key distinction: SSTI targets template rendering engines; EL injection targets expression evaluators embedded in Java frameworks. They share detection probes (${7*7}) but diverge in exploitation.
1. DETECTION — POLYGLOT PROBES