SSTI (Server-Side Template Injection)

Last modified: 2023-10-02

Automation

Tplmap is a tool for detecting and exploiting Server-Side Template Injection and Code Injection.

./tplmap.py -u http://vulnerable.com/?name=test

Identify the Template Engine

Payload              Template Engine
a{*comment*}b        Smarty
${"z".join("ab")}    Mako or ???
{{ '7'*7 }}          Jinja2 or Twig or ???
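
For defenders, the same fingerprinting payloads are a useful detection signal in web access logs. The following is an added example, not part of the original page or of Tplmap: it scans constructed log lines for the three probe shapes in the table above. The regexes, function names, log format and sample lines are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Probe shapes from the table above. The regexes generalise them slightly
# (any text between the delimiters); that generalisation is this example's assumption.
PROBES = [
    ("Smarty", re.compile(r"\{\*.*?\*\}")),
    ("Mako or ???", re.compile(r"\$\{.*?\}")),
    ("Jinja2 or Twig or ???", re.compile(r"\{\{.*?\}\}")),
]

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = '''\
203.0.113.5 - - [02/Oct/2023:10:00:01 +0000] "GET /?name=test HTTP/1.1" 200 512
203.0.113.9 - - [02/Oct/2023:10:00:07 +0000] "GET /?name=a%7B*comment*%7Db HTTP/1.1" 200 498
203.0.113.9 - - [02/Oct/2023:10:00:09 +0000] "GET /?name=%24%7B%22z%22.join(%22ab%22)%7D HTTP/1.1" 200 500
203.0.113.9 - - [02/Oct/2023:10:00:12 +0000] "GET /?name=%7B%7B+%277%27*7+%7D%7D HTTP/1.1" 200 505
198.51.100.4 - - [02/Oct/2023:10:01:30 +0000] "GET /?name=a%257B*comment*%257Db HTTP/1.1" 200 498
'''

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded), so double-encoded probes still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_probes(log_text):
    """Return (client_ip, parameter, engine_hint) for each query value that looks like a probe."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, target = m.groups()
        # parse_qsl percent-decodes once and turns '+' into a space
        for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(value)
            for engine, pattern in PROBES:
                if pattern.search(value):
                    hits.append((ip, param, engine))
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Several different engine probes from one client against the same parameter in a short window is a stronger indicator than any single match, since `${...}` and `{{...}}` also occur in legitimate input.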