mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

History

copilot-swe-agent[bot] 68b76036df Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-05 14:50:15 +00:00

README.md

Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

2026-01-05 14:50:15 +00:00

ssti-payloads.txt

Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

2026-01-05 14:50:15 +00:00

README.md

Server-Side Template Injection (SSTI)

Description

Server-Side Template Injection occurs when user input is embedded in a template in an unsafe manner, allowing attackers to inject template directives and execute arbitrary code on the server. SSTI can lead to remote code execution, information disclosure, and complete server compromise.

Common Vulnerable Template Engines

Jinja2 (Python - Flask, Django)
Twig (PHP)
Freemarker (Java)
Velocity (Java)
Smarty (PHP)
Pug/Jade (Node.js)
ERB (Ruby on Rails)
Thymeleaf (Java)

Common Attack Vectors

User input in template rendering
Email templates with user-controlled content
Error messages with dynamic content
Markdown/Wiki renderers
PDF generators
Report generators

Testing Approach

Inject template syntax like {{7*7}} or ${7*7} in input fields
Observe if mathematical expressions are evaluated
Identify the template engine through error messages or syntax
Escalate to code execution using engine-specific payloads

Detection Methods

Submit polyglot payloads: ${{<%[%'"}}%\
Test mathematical operations: {{7*7}}, ${7*7}
Check for template-specific syntax errors
Analyze response differences

Payloads

See ssti-payloads.txt for a comprehensive list of SSTI payloads.