SSTI Server Side Template Injection

Thread starter MrSynox
What is Server Side Template Injection?
Server-Side Template Injection (SSTI) is a web exploit that takes advantage of an insecure use of a template engine.

What is the template engine?

A template engine allows you to create static template files that can be reused in your application.

As an example, consider a page that stores information about a user: /profile/<user>.
The code might look like this in Python's Flask (for example):


[Image: 1637850397497.png]

This code builds a template string and merges the user input into it. This way, the content can be loaded dynamically for each user while the page format stays the same.

Note: Flask is the web framework, Jinja2 is the template engine used.

How can SSTI be exploited?
Consider the code above, specifically the template string. The variable user (which holds user input) is combined directly into the template instead of being passed to it as data. This means that anything provided as user input will be interpreted by the engine.

Note: Template engines themselves are not vulnerable; the vulnerability comes from an unsafe practice by the developer.


What is the effect of SSTI?
As the name suggests, SSTI is a server-side exploit rather than a client-side exploit like cross-site scripting (XSS).

This makes the vulnerability even more critical, because what gets compromised is the server itself rather than an account on the website (the common use of XSS).

The possibilities are endless, but the main goal is often to achieve remote code execution.


How is SSTI detected?
If input taken from the user is rendered directly as a template, there is a vulnerability. For example, if the value given to the relevant parameter comes back evaluated as "49", we can say that there is a weakness.

[Image: 1637850563526.png]

Sample Payload (Twig template syntax, sent to a PHP page):
GET /ssti/ssti.php?name={{_self.env.registerUndefinedFilterCallback(“shell_exec”)}}{{_self.env.getFilter(“dir”)}} HTTP/1.1

How to Take Precautions?

To avoid the SSTI vulnerability, render the pre-prepared HTML template and pass the value received from the user to it as data; never render the user's value as the template itself.
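An added example, not part of the original post: a static check, using only Python's standard library, that flags Flask render_template_string calls whose template is assembled at runtime rather than being a fixed string that receives the input as data. The sample source, its route and function names, and the helpers is_dynamic and find_ssti_candidates are constructed for illustration.

```python
import ast

# Constructed sample (not from the original post): the profile route described
# above, once with user input merged into the template string (vulnerable) and
# once with a fixed template that receives the input as data (safe).
SAMPLE = '''
from flask import Flask, render_template_string
app = Flask(__name__)

@app.route("/profile/<user>")
def profile_vulnerable(user):
    template = f"<h1>Welcome to the profile of {user}!</h1>"
    return render_template_string(template)

@app.route("/profile-safe/<user>")
def profile_safe(user):
    template = "<h1>Welcome to the profile of {{ user }}!</h1>"
    return render_template_string(template, user=user)
'''

def is_dynamic(node, assigned):
    """True if the expression builds a string at runtime instead of being a constant."""
    if isinstance(node, ast.Name):          # follow a local variable to its value
        node = assigned.get(node.id, node)
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.JoinedStr):     # f-string: dynamic only with {placeholders}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    return True                             # concatenation, %, .format(), unknown names

def find_ssti_candidates(source):
    """Return (function, line) for each render_template_string call with a dynamic template."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        assigned = {t.id: n.value for n in ast.walk(func) if isinstance(n, ast.Assign)
                    for t in n.targets if isinstance(t, ast.Name)}
        for call in ast.walk(func):
            if (isinstance(call, ast.Call) and call.args
                    and getattr(call.func, "id", getattr(call.func, "attr", "")) == "render_template_string"
                    and is_dynamic(call.args[0], assigned)):
                findings.append((func.name, call.lineno))
    return findings

if __name__ == "__main__":
    for name, line in find_ssti_candidates(SAMPLE):
        print(f"possible SSTI: {name}() line {line}")
```

The check only parses the source and never runs it, so Flask does not need to be installed; a finding is a prompt for manual review, not proof of a vulnerability.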
 