SSI, SSTI:

- Improved MarkDown
vladko312
2026-01-03 22:20:19 +03:00
parent 4831e36fb8
commit 09a5f07345
4 changed files with 9 additions and 8 deletions

@@ -53,9 +53,9 @@
Original research:
- Rendered, Time-Based: [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://portswigger.net/knowledgebase/papers/serversidetemplateinjection.pdf)
- Polyglot-Based: [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
- Error-Based, Boolean-Based: [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
* Rendered, Time-Based: [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://portswigger.net/knowledgebase/papers/serversidetemplateinjection.pdf)
* Polyglot-Based: [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
* Error-Based, Boolean-Based: [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
#### Rendered
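Review bot: Please confirm that `*` is the list marker the rest of this file uses before moving the three "Original research" entries away from `-`. Nothing in the visible context shows another list to compare against, and the commit message's own bullet uses `-`. If the repository has a house style, pinning it with a markdownlint MD004 (ul-style) setting would settle the choice and stop later edits from drifting back. The link text and URLs are unchanged between the old and new lines, so there is nothing else to check here.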
@@ -117,7 +117,7 @@ ${{<%[%'"}}%\.
Common tags to test for SSTI with code evaluation:
```
```powershell
{{ ... }}
${ ... }
#{ ... }
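Review bot: The `powershell` info string on the "Common tags to test for SSTI with code evaluation" fence mislabels its content. `{{ ... }}`, `${ ... }` and `#{ ... }` are template-engine delimiters, not PowerShell, so a highlighter will colour them by the wrong grammar and a reader skimming the page may take them for shell input. If the goal is to stop leaving the fence untagged, `text` (or `plaintext`) satisfies a fenced-code-language lint rule without claiming a language the block is not written in.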
@@ -133,13 +133,13 @@ ${ ... }
Rendered SSTI can be checked by using mathematical expressions inside the tags:
```
```powershell
7 * 7
```
Error-Based SSTI can be checked by using this payload inside the tags:
```
```powershell
(1/0).zxy.zxy
```
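Review bot: Both fences in this hunk, the one holding `7 * 7` and the one holding `(1/0).zxy.zxy`, are tagged `powershell`, but the surrounding sentences say these expressions go "inside the tags" of whichever template engine is being tested, so no single programming-language tag is accurate for them. Suggest `text` for both. Also note that the commit summary reports 4 changed files with 9 additions and 8 deletions, so it is worth checking whether the same `powershell` tag was applied to engine-neutral blocks in the other files too.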