First, we need to know what is a template engine?
-Separate the structure and presentation of content (UI) from the actual data or logic that produces that content.
– Have places for data. These locations, often referred to as tags or template variables, are replaced with the actual data when the template is rendered.
* I suggest that if you are familiar with Python, check this page from digitalocean.
Now what is SSTI?
If the server considers the user’s input as a template and processes it, a vulnerability has occurred
Identification method:
1-With FUZZING on the target
2- Knowledge of template engines and payloads: github1 , github2 , hacktricks
إذا كنت تسعى للسيطرة الكاملة🔥 على أنظمة الهدف، فإن أداة Shellfire هي الحل الأمثل لك! تتخصص هذه الأداة في استغلال ضعايا حقن الأوامر ويمكن استخدامها بكفاءة في استغلال ثغرات مثل LFI و RFI و SSTI والمزيد. لمعرفة المزيد واستكشاف ميزاته
https://github.com/unix-ninja/shellfire
SSTI payloads
- basic payloads 2. url_encoded payloads 3. hex_encoded payloads 4. base64_encoded payloads 5. unicode_encoded
https://github.com/Marven11/Fenjing
Tools for automation
1-nuclei
2-tplmap…
A series of basic payloads for testing and identifying the template engine
#SSTI
You must be logged in to post a comment.