Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Question

None of the three apps are “breaking” for me.&nbsp; For example the input of {{ dump(_SERVER) }} should return server information in at least one example.&nbsp; But nope.&nbsp;

netcat · Answer

I'm sure you entered the SSTI, submitted it and looked at the result. Is there no link?

netcat · Answer

I just took the sample payload from the briefing, and it works on the first app, causing an error.I think there's only one app using twig, where the above string would trigger.SSTI...not my favorite.

quicksloth · Answer

&gt; I think there's only one app using twigI know.&nbsp; And I know which one is running twig.&nbsp; But I try all three for completeness.&nbsp;I tried this on three different days.&nbsp; And I'm still not able to get anything to return the system information.&nbsp;(Oops, meant this as a reply to netcat​ )

quicksloth · Answer

&gt; I just took the sample payload from the briefingSorry, which payload is that?

netcat · Answer

This one: {{$&lt;%=(*`|.'#-%&gt;;}}

Forum Discussion

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

10 Replies

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Combatting Software Vulnerabilities with GenAI

CVE-2024-5910: Understanding the Critical Expedition Vulnerability

New CTI Lab: CUPS Remote Code Execution Vulnerability – Defensive

Recent Discussions

AI: Plugin Injection - Demonstrate Your Skills

A Letter to Santa

Hack Your First Web App: Ep.6 - Hydra

GuardDuty: Demonstrate Your Skills

Infrastructure Hacking: Responder Network Poisoning