Introduction

In this video walkthrough, we covered the detection, exploitation and remediation of the Server Side Template Injection vulnerability.

What is Server Side Template Injection?
Server Side Template Injection (SSTI) is a web exploit which takes advantage of an insecure implementation of a template engine.

What is a template engine?
A template engine allows you to create static template files which can be re-used in your application.

What is the impact of SSTI?
As the name suggests, SSTI is a server side exploit, rather than client side such as cross site scripting (XSS).

This means the vulnerability is even more critical: instead of a user's account on the website being hijacked (the common use of XSS), the server itself is hijacked.

The possibilities are endless; however, the main goal is typically to gain remote code execution.
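To make the root cause concrete, here is an added example that is not part of the original walkthrough or its lab. It uses a deliberately tiny template engine written for this page (it only evaluates arithmetic and context variables inside `{{ ... }}`, standing in for a real engine such as the Jinja2 named in the questions below). The function names `greet_vulnerable`, `greet_safe` and `detect_ssti` are hypothetical. It shows the one decision that matters: user input concatenated into the template *source* is evaluated as code, while user input passed as a context *variable* stays data. The `detect_ssti` helper is the defender's check for that distinction.

```python
import ast
import operator
import re

# Added example, not code from the original page: a minimal template engine
# that evaluates {{ ... }} expressions (numbers, names, + - *) so the SSTI
# pattern can be demonstrated without any third-party dependency.

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
_EXPR = re.compile(r"\{\{(.*?)\}\}")


def _eval(node, context):
    """Evaluate a restricted expression tree: constants, context names, + - *."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, context)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.Name):
        return context[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, context), _eval(node.right, context))
    raise ValueError("unsupported expression in template")


def render(template, context):
    """Replace every {{ expr }} in the template source with its evaluated value."""
    def substitute(match):
        tree = ast.parse(match.group(1).strip(), mode="eval")
        return str(_eval(tree, context))
    return _EXPR.sub(substitute, template)


def greet_vulnerable(name):
    """Insecure (hypothetical handler): the user's input becomes part of the
    template SOURCE, so any {{ ... }} they supply is evaluated by the engine."""
    return render("Hello " + name + "!", {})


def greet_safe(name):
    """Secure (hypothetical handler): the template is a fixed string and the
    user's input is passed as a context variable, so it is only ever data."""
    return render("Hello {{ name }}!", {"name": name})


def detect_ssti(render_fn, probe="{{ 7 * 7 }}"):
    """Defender's check: if the literal probe no longer appears in the output,
    the input reached the template engine as code rather than as data."""
    return probe not in render_fn(probe)


if __name__ == "__main__":
    for handler in (greet_vulnerable, greet_safe):
        print(handler.__name__, "->", handler("{{ 7 * 7 }}"),
              "| evaluates input:", detect_ssti(handler))
```

The remediation is the same for every real engine: never build template source from request data (no `"..." + user_input` before rendering, no `render_template_string(user_input)` style calls); keep templates static and pass user-controlled values only through the context.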

Get OSCP Certificate Notes

Answers

What sequence of characters causes the application to throw an error?
What template engine is being used in this application?
How do you start a comment in Jinja2?
What is the result of the “whoami” shell command?
What payload was used to confirm SSTI?
Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting, including but not limited to SEO, Google and Meta ads, and CRM administration.

View Posts