SSTI (Server-Side Template Injection)

Last modified: 2022-12-01

Web

Automation

Tplmap automates testing for Server-Side Template Injection and code injection.

./tplmap.py -u 'http://vulnerable.com/?name=test'

Identify the Template Engine

a{*comment*}b       -> Smarty
${"z".join("ab")}   -> Mako or ???
{{ '7'*7 }}         -> Jinja2 or Twig or ???
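
For the defending side, an added example (not part of the original page and not Tplmap code): a Python scanner that flags the three fingerprint probes above in access-log query strings, including double-encoded ones. The regexes, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Delimiter shapes of the three probes listed above. The engine labels repeat
# the page's mapping; the regexes are this example's own assumption.
PROBES = [
    ("Smarty", re.compile(r"\{\*.*?\*\}")),             # a{*comment*}b
    ("Mako-style", re.compile(r"\$\{[^}]*\}")),         # ${"z".join("ab")}
    ("Jinja2/Twig-style", re.compile(r"\{\{.*?\}\}")),  # {{ '7'*7 }}
]
# Client address and request target from a combined-format access log line.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not real traffic; the last is double-encoded
    '203.0.113.5 - - [01/Dec/2022:10:00:00 +0000] "GET /?name=test HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Dec/2022:10:00:01 +0000] "GET /?name=%7B%7B%20%277%27*7%20%7D%7D HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Dec/2022:10:00:02 +0000] "GET /?name=a%7B*comment*%7Db HTTP/1.1" 200 514',
    '203.0.113.9 - - [01/Dec/2022:10:00:03 +0000] "GET /?name=%2524%257B%2522z%2522.join(%2522ab%2522)%257D HTTP/1.1" 200 514',
]

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding so %257B%257B is still seen as {{."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(target):
    """Return sorted (parameter, engine_hint) pairs found in a URL's query string."""
    hits = set()
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = decode_fully(raw)
        hits.update((name, engine) for engine, rx in PROBES if rx.search(value))
    return sorted(hits)

def scan_log(lines):
    """Return (client, parameter, engine_hint) for every log line carrying a probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, target = m.groups()
            findings += [(client, p, e) for p, e in scan_request(target)]
    return findings

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

Matches are triage hints only: `${...}` and `{{...}}` also appear in legitimate traffic, so correlate hits by client and by the response the server returned.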