Introduction

In this video walk-through, we covered the detection, exploitation and remediation of the Server Side Template Injection (SSTI) vulnerability.

What is Server Side Template Injection?
Server Side Template Injection (SSTI) is a web exploit which takes advantage of an insecure implementation of a template engine.

What is a template engine?
A template engine allows you to create static template files which can be re-used in your application.

What is the impact of SSTI?
As the name suggests, SSTI is a server-side exploit, rather than a client-side one such as cross-site scripting (XSS).

This means that vulnerabilities are even more critical, because rather than an account on the website being hijacked (a common use of XSS), the server itself gets hijacked.

The possibilities are endless; however, the main goal is typically to gain remote code execution.
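
As an added illustration (not code from the video or the original post), the Python sketch below shows what an "insecure implementation" of a template engine looks like with Jinja2, next to the fixed form and a regression check a developer can run in tests. The function names, the greeting template and the arithmetic probe are assumptions made for this example.

```python
from jinja2 import Environment

# One shared engine; autoescape also HTML-escapes values placed in the output.
env = Environment(autoescape=True)


def render_vulnerable(name: str) -> str:
    # INSECURE: user input is concatenated into the template *source*,
    # so any {{ ... }} expression it contains is evaluated on the server.
    return env.from_string("Hello " + name + "!").render()


def render_fixed(name: str) -> str:
    # Remediation: the template source is a constant written by the developer;
    # user input is passed only as data through the render context.
    return env.from_string("Hello {{ name }}!").render(name=name)


def evaluates_input(render) -> bool:
    """Return True if `render` evaluates template syntax found in its input.

    Sends a harmless arithmetic expression (constructed for this example) and
    checks whether the computed product, not the literal text, comes back.
    """
    a, b = 1337, 7
    probe = "{{ %d * %d }}" % (a, b)
    return str(a * b) in render(probe)


if __name__ == "__main__":
    for fn in (render_vulnerable, render_fixed):
        status = "evaluates user input" if evaluates_input(fn) else "treats input as data"
        print(f"{fn.__name__}: {status}")
```

A check like `evaluates_input` can be kept in the test suite so that a later refactor which moves user input back into the template source fails the build.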


Answers

What sequence of characters causes the application to throw an error?
What template engine is being used in this application?
How do you start a comment in Jinja2?
What is the result of the “whoami” shell command?
What payload was used to confirm SSTI?
Video Walk-through

 

 
