By | February 17, 2021

In this article, we are telling you about Server Side Template Injection Payloads like how Server Side Template Injection Payloads are injected into a website.

We have already told you about Server Side Template Injection, if you have not read that article of ours, then you must read it first, then only you can understand this article.

Here we are telling you the Server Side Template Injection Payloads using the labs of portswigger, when you have not been told earlier that you are being told all this for educational purpose.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

Server Side Template Injection Payloads ?

By the way, you get many types of Server Side Template Injection Payloads which you can use, here we are telling you how you can find this bug on some kind of website.

Server Side Template Injection Payloads

Also Read

How to bypass 403 forbidden ?

Cross site request forgery attack

What is json vulnerabilities owasp

Basic server side template injection ?

First of all, you have to run the burp suite normally as you have been told in all the earlier articles, similarly you have to run the burp suite normally here as well.

https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-basic

Server Side Template Injection Payloads

After doing all this you can access lab as you can see in the image, you have to access lab here, after this you can inject Server Side Template Injection Payloads.

Server Side Template Injection Payloads

After accessing the lab, the home page opens in front of you in such a way that you can see here when you click on the view details, in such a way you will be able to see the message of out of stock.

Server Side Template Injection Payloads

After doing all this, you intercept once again and click on the view details in such a way that your request is captured and we have to decode and inject Simple Server Side Template Injection Payloads here.

Server Side Template Injection Payloads

As you can see in the image, in a similar way you also have to inject Server Side Template Injection Payloads, by doing this you will be able to see this payload reflecting on your home page.

Server Side Template Injection Payloads

In this way, you can find the server side Template Injection Payloads reflecting on the home page, here you can see it by changing the value as if you have got 49 by multiply here, you can also change the digit.

What is http request smuggling vulnerability

Server Side Template Injection Payloads

Here we confirm that this website is vulnerable to Server Side Template Injection, but to solve the lab you have to do something even further, you have to use the decoder in this way.

Server Side Template Injection Payloads

And again when you capture the request live, in such a situation, you have to inject the Payloads Server Side Template Injection there, you will be able to see that you will get the true message printed on the home page.

Server Side Template Injection Payloads

As you can see, as soon as you get the true message printed, the lab of your Server Side Template Injection is also solved and you also get a message of congratulations.

What is file path traversal vulnerability

Basic server-side template injection (code context) ?

There are also other methods of injecting Server Side Template Injection Payloads which you know only after you solve all the labs of Server Side Template Injection.

Here also, first of all you have to do the same process as we had normally run the burp suite in the previous lab, similarly you have to run the burp suite first and also access the lab.

After accessing the lab you have to login as you can see in the image, you get the username and password to login as well, after login you have to go to my account.

After going to my account, you get the option of first name, nickname in this way, here you can use any option to inject Server Side Template Injection Payloads.

After doing all this you will be able to see that you get a post request in burp suite’s http history like this, here you have to send this request to repeater. How to do os command injection attack

As you can see in the image, after sending the request to the repeater you get something like this, here you get the first name parameter, this is what we have to inject the Server Side Template Injection Payloads

After doing all this, when you send the request, in this way you will see that the button of the follow redirection is shown, here you have to click on the button of the follow redirection.

By doing this, you will see that you will get change in response as well as your payload is also reflected in the comment section, here you get posts on the home page, you get the comment section.

Here you can comment before and after that you can inject Server Side Template Injection Payloads, even if you can do it later also, in both the condition your Server Side Template Injection Payloads is injected.

You can also change the request from here, as you will be able to see that your post request is automatically changed to get request, in such a way, if you have to inject Server Side Template Injection Payloads again, then you can post request from here again.

After doing all this, you have to inject Server Side Template Injection Payloads in such a way to solve labs, as you can see in the image all this information you get with labs.

After doing all this, you will be able to see that this lab of Server Side Template Injection will be solved as you can see in the image, you have got a message of congratulations here.

The Conclusion

I hope that now you can understand about Server Side Template Injection Payloads. We have told you here how you can inject Server Side Template Injection Payloads.

It is not that there are other methods to inject Payloads in Server Side Template Injection, or if you say in easy language then you can say that you can do whatever you want.

But you have to keep in mind that wherever you are injecting the Server Side Template Injection Payloads, you must reflect and get its output on the home page.

If you get any error related to your Server Side Template Injection Payloads or in any way to solve its labs, in such a way, you can ask us in a comment, your full help will be done from our side.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *