Server side template injection — SSTI vulnerability ⚠️

What is Server Side Template Injection?

How Do Server-Side Templates Work?

    POST /endpoint-detail HTTP/1.1
    Host: example.com

    parameter=test_data
  1. You may send a polyglot value, e.g. ${{<%[%'"}}%\., a pattern commonly used for such tests. If the engine responds with an error message, you can diagnose the engine from the error text and work out the right syntax to try for that template engine.
  2. When the error message does not reveal engine details, try syntax that is known to be meaningful to particular template engines, e.g.:
     POST /endpoint-detail HTTP/1.1
     Host: example.com

     parameter={% debug %}

     POST /endpoint-detail HTTP/1.1
     Host: example.com

     parameter={{settings.SECRET_KEY}}
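The two probes above, reproduced against a stdlib engine as an added example (not code from the original post): a "vulnerable" renderer concatenates user input into the template source, a "safe" renderer passes it as a value only. With the vulnerable path the polyglot produces a parser error and a `$SECRET_KEY` probe leaks a context value; with the safe path both render as literal text. Python's string.Template stands in for the real engine, and the secret value is a constructed placeholder.

```python
from string import Template

# Constructed sample render context (not from the original post).
CONTEXT = {"SECRET_KEY": "s3cr3t-example-value"}
# The polyglot probe quoted in the post.
POLYGLOT = "${{<%[%'\"}}%\\."


def render_vulnerable(user_input: str) -> str:
    """Anti-pattern: user input becomes PART OF the template source, so any
    template syntax in it is interpreted by the engine."""
    return Template("Welcome " + user_input).substitute(CONTEXT)


def render_safe(user_input: str) -> str:
    """Fix: the template is a fixed string and user input is only ever a
    VALUE handed to the engine, so it is emitted literally."""
    return Template("Welcome $name").substitute(CONTEXT, name=user_input)


def probe(render, user_input: str) -> str:
    """Step 1 of the post from the defender's side: does a probe value reach
    the template parser (engine error / context leak) or stay plain text?"""
    try:
        return "rendered: " + render(user_input)
    except ValueError as exc:  # string.Template raises ValueError on bad placeholders
        return "engine error: " + str(exc)


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("safe", render_safe)):
        print(label, "|", probe(render, POLYGLOT))
        print(label, "|", probe(render, "$SECRET_KEY"))
```

An engine error on the polyglot, or a context value echoed back, is the signal that user input is being parsed as template code rather than rendered as data.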

The impact of Server Side Template Injection

  • Remote code execution.
  • Unauthorized, admin-level access to back-end servers.
  • Arbitrary files written to, and data corrupted on, server-side systems.
  • A foothold for further attacks on the internal infrastructure.

How to Detect SSTI?

  1. Plaintext

How to Identify SSTI?

Server Side Template Injection Attack Prevention

  1. Limited ‘Edit’ Access

The final word

CEO at Wallarm. Application security platform to prevent threats and discover vulnerabilities in real time.

Ivan Novikov