coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [master] one page modified

Browse Source
This commit is contained in:
CPol 2020-07-26 18:06:17 +00:00 committed by gitbook-bot
parent 773c42a07f
commit 8963530f84
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pentesting-web/ssti-server-side-template-injection.md
View File

@ -276,6 +276,18 @@ Django is going to be using as template engine **Jinja2**.
Check the rest of [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection) for more exploits. Also you can find interesting tags information in [https://github.com/DiogoMRSilva/websitesVulnerableToSSTI](https://github.com/DiogoMRSilva/websitesVulnerableToSSTI)
### Mojolicious \(Perl\)
Even if it's perl it uses tags like ERB in Ruby.
* `<%= 7*7 %> = 49`
* `<%= foobar %> = Error`
```text
<%= perl code %>
<% perl code %>
```
## BlackHat PDF
{% file src="../.gitbook/assets/en-server-side-template-injection-rce-for-the-modern-web-app-blackhat-15.pdf" %}