SSI:
- Added SSTImap to the tools, as it now supports SSI detection and exploitation

SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
@@ -4,10 +4,21 @@
## Summary
* [Tools](#tools)
* [Methodology](#methodology)
* [Edge Side Inclusion](#edge-side-inclusion)
* [References](#references)
## Tools
- [vladko312/SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [epinna/tplmap](https://github.com/epinna/tplmap), supports SSI detection and exploitation with `--legacy` or `-e SSI`
```bash
python3 ./sstimap.py -u 'https://example.com/page?name=John' --legacy -s
python3 ./sstimap.py -i -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e SSI
python3 ./sstimap.py -i --legacy -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk'
```
## Methodology
SSI Injection occurs when an attacker can input Server Side Include directives into a web application. SSIs are directives that can include files, execute commands, or print environment variables/attributes. If user input is not properly sanitized within an SSI context, this input can be used to manipulate server-side behavior and access sensitive information or execute commands.
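Review bot: The three `sstimap.py` examples in the new Tools code block have no comments, so the options used (`-s`, `-i`, `-l 5`, `-A`, `-m POST`) and the `*` marker in `name=Vulnerable*` are left unexplained, and the third command has no `-u` target while the first two do. Suggest a one-line comment above each command saying what it demonstrates, and either add the URL to the third command or state where the target comes from when `-u` is omitted. The tool entry also opens with "Automatic SSTI detection tool" on the SSI page; consider leading with the SSI support (`--legacy` or `-e SSI`), since that is why the tool is listed here.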