gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-11 12:35:19 -08:00
Code Issues Packages Projects Releases Wiki Activity

Normalize page header for SSTI, SAML, SSI

Browse Source
This commit is contained in:
Swissky
2024-11-10 19:14:16 +01:00
parent 1a3e605d64
commit a338b2f12a
13 changed files with 105 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Server Side Template Injection/JavaScript.md
View File

@@ -1,5 +1,8 @@
# Server Side Template Injection - JavaScript
> Server-Side Template Injection (SSTI) occurs when an attacker can inject malicious code into a server-side template, causing the server to execute arbitrary commands. In the context of JavaScript, SSTI vulnerabilities can arise when using server-side templating engines like Handlebars, EJS, or Pug, where user input is integrated into templates without adequate sanitization.
## Summary
- [Templating Libraries](#templating-libraries)
@@ -10,6 +13,7 @@
- [Lodash - Command Execution](#lodash---command-execution)
- [References](#references)
## Templating Libraries
| Template Name | Payload Format |