Discover and read the best of Twitter Threads about #ssti
Most recents (2)
1/
Vuln: SSTI
Severity: Severity of the issue depends on from the engine that has been used
Server-side template injection occurs when user input is unsafely embedded into a server-side template, allowing users to inject template directives.
#bugbountytips #securitytips #SSTI
Vuln: SSTI
Severity: Severity of the issue depends on from the engine that has been used
Server-side template injection occurs when user input is unsafely embedded into a server-side template, allowing users to inject template directives.
#bugbountytips #securitytips #SSTI
2/
Constructing a server-side template injection attack
Detect → Identify → Exploit
- Detect if SST is vulnerable to attack
• Identify the engine that the server uses. There are a huge number of templating languages, characters.
• Develop exploit on received data
Constructing a server-side template injection attack
Detect → Identify → Exploit
- Detect if SST is vulnerable to attack
• Identify the engine that the server uses. There are a huge number of templating languages, characters.
• Develop exploit on received data
3/
How you can detect SSTI:
Try fuzzing the template by injecting a sequence of special characters, such as `${{<%[%'"}}%`
Vulnerable code: render('Hello ' + username)
Request: "vulnerable-website.com/?username=${7*7}"
If the resulting output - `Hello 49` executes a mathematical operation
How you can detect SSTI:
Try fuzzing the template by injecting a sequence of special characters, such as `${{<%[%'"}}%`
Vulnerable code: render('Hello ' + username)
Request: "vulnerable-website.com/?username=${7*7}"
If the resulting output - `Hello 49` executes a mathematical operation
Here's a list of free #PenetrationTesting and #RedTeam Labs you may set up in your own home to enhance your #hacking abilities :
1) Red Team Attack Lab
A simulated setting where red teams can practice exploiting #vulnerabilities in various operating systems.
lnkd.in/ernefQv8
A simulated setting where red teams can practice exploiting #vulnerabilities in various operating systems.
lnkd.in/ernefQv8
2) Capsulecorp Pentest
#Capsulecorp is a lightweight virtual infrastructure operated using Vagrant and Ansible. One #Linux attacking system running #Xubuntu is included, along with four #Windows 2019 servers hosting a variety of #exploitable services.
lnkd.in/eYfGmNBe
#Capsulecorp is a lightweight virtual infrastructure operated using Vagrant and Ansible. One #Linux attacking system running #Xubuntu is included, along with four #Windows 2019 servers hosting a variety of #exploitable services.
lnkd.in/eYfGmNBe
