Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Question

None of the three apps are “breaking” for me.&nbsp; For example the input of {{ dump(_SERVER) }} should return server information in at least one example.&nbsp; But nope.&nbsp;

netcat · Answer

I just took the sample payload from the briefing, and it works on the first app, causing an error.I think there's only one app using twig, where the above string would trigger.SSTI...not my favorite.

quicksloth · Answer

&gt; I think there's only one app using twigI know.&nbsp; And I know which one is running twig.&nbsp; But I try all three for completeness.&nbsp;I tried this on three different days.&nbsp; And I'm still not able to get anything to return the system information.&nbsp;(Oops, meant this as a reply to netcat​ )

quicksloth · Answer

&gt; I just took the sample payload from the briefingSorry, which payload is that?

netcat · Answer

This one: {{$&lt;%=(*`|.'#-%&gt;;}}

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

4 Replies

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Combatting Software Vulnerabilities with GenAI

CVE-2024-5910: Understanding the Critical Expedition Vulnerability

Understanding CVE-2023-49103: A Critical Vulnerability in ownCloud Graph API

Recent Discussions

Threat Hunting: Investigating a Fake PoC Q9

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Stuck on "SQL Injection (Module 1) : File download"

MassMutual Node.js Developer - Basic Training

Incident Response