By | October 19, 2020

In this article we are telling you about Server Side Template Injection like what is Server Side Template Injection, how SSTI works and how to find SSTI Vulnerability in websites

You might not have heard much of the name of Server Side Template Injection here because it is not much talked about vulnerability but if you get Server Side Template Injection vulnerability in a website, then you can get good bounty.

Here we are telling you practically about Server Side Template Injection but it does not mean that you will know everything about SSTI vulnerability in this article, our job is to guide you and gain deeply knowledge about it.

Note – This article is only for educational purpose.Don’t miss use your knowledge and skills.

What is Server Side Template Injection ?

Before going about practical about Server Side Template Injection, you should know what it is. Let’s know about it in detail but here you want to clear one thing as much as you are told about SSTI.

This is because the template engines which are used in websites are of many types, it is not possible to tell all about them in one article, in such a way, here you are being told about jinja2 and twig template engine.

Server Side Template Injection

First of all, you should know what a template engine is, as the name suggests, there is something in the source code of a template that is displayed to you, such as coding all the source code in our website home page.

Due to the same coding, the output is displayed in front of you, like in reflect XSS Attack, whatever we give in the input, we get it reflected and some of this is done in Server Side Template Injection

If you understand about it in easy language, then the use of template engines is used to display the content dynamically and all the companies use different template engines.

How Server Side Template Injection Works ?

We have told you about Xtreme Vulnerable Web Application, you also get the option of SSTI in it, here we are also telling you about SSTI in Xtreme Vulnerable Web Application and also in Jinja2 template.

Server Side Template Injection

As you can see in the image, the twig template engine has been used in Xtreme Vulnerable Web Application, in this way here we can run some basic payloads, in this way you can run payloads.

How to create payload (FUD RAT)

Create Payload using Powerful script ?

Server Side Template Injection

You get these payloads in github, you will be given the link here, you can see them using them, here you can also change the numbers and see as you can see in the image.

https://github.com/scspcommunity/Cyber-Sec-Resources/blob/master/Web%20Application%20Security/Server%20Side%20Template%20Injection/SSTI.md

Server Side Template Injection

In this way you can also use RCE payload, you can see all the payloads by clicking on the link, here you get some basic payloads which you can use.

Here we have used whoami instead of id in RCE payload, you can also see using some such basic commands, you can get an output show, you can see it using pwd as well as use other basic commands.

Here we want to clear your one thing, it does not happen that the payloads you are using in the twig template, you will get the same output only if you use it in the Jinja2 template also it changes.

You can also use Jinja2 in this way, but here you have to do lab setup, to do lab setup you have to install all these requirements, you have to run simple commands.

Server Side Template Injection

After doing all this, you can use Jinja2 by running the flask, if all your requirements are installed, in such a way a link is generated in front of you, as you can see in the image.

We use ssti.py here to do a lab setup of Server Side Template Injection. You have also used ssti.py file, you can also see using it, you are given the link here, in this way you have to create the file.

Here you have to create a file by copy paste into it and use it but you ssti-lab.py the file name, you get this code as soon as you click on the link.

https://github.com/scspcommunity/Cyber-Sec-Resources/blob/master/Web%20Application%20Security/Server%20Side%20Template%20Injection/SSTI.py

Here you take care of one thing. You have to create a file by the name of ssti-lab.py, if you do not do this, then you get an error, in this way you can use ssti lab.

Server Side Template Injection

In this way, the Server Side Template Injection bug works, when you click on the link in the browser, it opens in such a way that you can see it by reflecting your name here.

In some way, as you have been told, payloads work differently in all types of template engines, like in twig you were getting output multiply but here, continue print is getting output

In this way, you can also run Jinja2 payload and see what is the meaning of coding here, if you know programming languages, then you can understand it, but if you do not understand then you can tell in the comment.

We will tell you about this coding and also about other payloads of Server Side Template Injection in detail article. In this way you can use Server Side Template Injection.

The Conclusion

I hope now you know about Server Side Template Injection. We have told you here about twig and Jinja2 practically. There are also similar freemarker like template engines which are used.

As you have been told, almost all companies use different types of template engines, in such a way it is not possible to tell about all if you want to go about more Server Side Template Injection.

We will tell you about this and other payloads as well as other template engines in detail, now you can understand yourself how much knowledge you should have about vulnebalities to bug bounty.

If you have any questions related to or related to your Server Side Template Injection, then you can ask in the comments, we will help you on our behalf, I hope that you will not misuse any of the methods mentioned.

If you like this article of ours, then you must share it, here everything is told for free like facebook hacking, whatsapp hacking, bluetooth hacking iot hacking, you can read about any topic of CEH here.

Sharing is caring

Subscribe to our blog for latest updates

Thankyou

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *