In this video walk-through, we covered the detection, exploitation and remediation of the Server-Side Template Injection vulnerability.
What is Server Side Template Injection?
Server Side Template Injection (SSTI) is a web exploit which takes advantage of an insecure implementation of a template engine.
What is a template engine?
A template engine allows you to create static template files which can be re-used in your application.
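The root cause described above, shown as an added example that is not from the original walk-through: user input is placed into the template source instead of being passed to the engine as data. It assumes Python's standard-library `string.Template` as a minimal stand-in for a full template engine; the function names and context values are constructed for illustration. `string.Template` only substitutes variables, so the effect here is limited to leaking a value from the render context.

```python
from string import Template

# Constructed context: values the server exposes to the template engine.
CONTEXT = {"site": "Example Shop", "api_key": "CONSTRUCTED-SECRET-123"}


def render_vulnerable(name: str) -> str:
    """Insecure: user input becomes part of the template *source*."""
    # Any placeholder the user types is resolved by the engine on the server.
    source = "Welcome to $site, " + name + "!"
    return Template(source).safe_substitute(CONTEXT)


def render_safe(name: str) -> str:
    """Remediated: the template source is static, user input is only data."""
    source = "Welcome to $site, $name!"
    # Substitution is single-pass, so placeholders inside `name` stay literal.
    return Template(source).safe_substitute(CONTEXT, name=name)


def interprets_input(render) -> bool:
    """Detection check: submit a placeholder and see if it comes back verbatim.

    If the placeholder is missing from the response, the engine evaluated
    user input as template syntax instead of echoing it as text.
    """
    probe = "$site"
    return probe not in render(probe)


if __name__ == "__main__":
    for fn in (render_vulnerable, render_safe):
        print(fn.__name__)
        print("  normal input :", fn("Alice"))
        print("  placeholder  :", fn("$api_key"))
        print("  interprets user input:", interprets_input(fn))
```

The same check works as a regression test after remediation: a render path that passes `interprets_input` as `False` treats user input as text.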
What is the impact of SSTI?
As the name suggests, SSTI is a server-side exploit, rather than a client-side one such as cross-site scripting (XSS).
This makes the vulnerability even more critical: instead of an account on the website being hijacked (a common use of XSS), the server itself gets hijacked.
The possibilities are endless; however, the main goal is typically to gain remote code execution.