Skip to content
/ server-side-template-injection Public

A threat actor may alter the template syntax on the vulnerable target to execute commands

License

AGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/server-side-template-injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
server-side-template-injection.drawio
server-side-template-injection.drawio
 
 
server-side-template-injection.png
server-side-template-injection.png
 
 

Repository files navigation

A threat actor may use a native template syntax on the vulnerable target to execute commands

Example #1

  1. Threat actor sends a native template syntax to a vulnerable target that uses a template engine
  2. The target process the syntax and executes the result

Code

Target-Logic

@app.route('/welcome', methods=['GET'])
def welcome():
  user = request.args.get('user')
  template = f"<h1>Welcome, {user}!</h1>"
  return render_template_string(template)

Target-In

{{1+1}}

Target-Out

Welcome, 4

Impact

High

Names

  • Server Side Template Injection
  • SST injection

Risk

  • Command execution

Redemption

  • Input validation
  • Logic-less

ID

E0679353-0BB6-404B-A6CC-6F6305FF118C

References

About

A threat actor may alter the template syntax on the vulnerable target to execute commands

Topics

template server injection vulnerability side qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors