Hi, I'm writing in regard to Doctor's foothold.
From what I've found & read here, the only thing I see is that 'New Message' in 'Doctor Secure Messaging' may be vulnerable to Server Side Template Injection. After analysis of the HTTP communication, I feel that it's Python.
I tried all Python-related injections (from https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server Side Template Injection) but nothing works. I also verified (for sanity) other languages...
Am I going the right way? Should the injection be escaped or what :> Could you help me without spoiling?