Top SSTI reports from HackerOne:
- H1514 Server Side Template Injection in Return Magic email templates? to Shopify - 401 upvotes, $0
- Path traversal, SSTI and RCE on a MailRu acquisition to Mail.ru - 152 upvotes, $2000
- Urgent: Server side template injection via Smarty template allows for RCE to Unikrn - 117 upvotes, $0
- Reflected XSS and Server Side Template Injection in all HubSpot CMSes to HubSpot - 64 upvotes, $0
- Python : Add query to detect Server Side Template Injection to GitHub Security Lab - 29 upvotes, $0
- Server Side Template Injection on Name parameter during Sign Up process to Glovo - 21 upvotes, $0
- [Ruby]: Server Side Template Injection to GitHub Security Lab - 13 upvotes, $2300
- CodeQL query to detect Server-Side Template Injections (JavaScript) to GitHub Security Lab - 8 upvotes, $0
- Server-side Template Injection in lodash.js to Node.js third-party modules - 7 upvotes, $0
- Server-side template injection at ujs test server to Ruby on Rails - 4 upvotes, $0
- Java : Add query to detect Server Side Template Injection (SSTI) to GitHub Security Lab - 4 upvotes, $0