SSTI (Server-Side Template Injection)
Last modified: 2023-10-02
Web
Automation
Tplmap is a program for Server-Side Template Injection and Code Injection.
./tplmap.py -u 'http://vulnerable.com/?name=test'
Identify the Template Engine
Payload | Template Engine |
---|---|
a{*comment*}b | Smarty |
${"z".join("ab")} | Mako or ??? |
{{ '7'*7 }} | Jinja2 or Twig or ??? |
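
Seen from the defending side, the probes in the table leave recognizable delimiter syntax in request parameters. The following added example (not part of the original page or of Tplmap) scans access-log lines for that syntax; the log format, function names and sample lines are assumptions constructed for illustration, and the patterns generalize from the table's literal strings to the delimiters they use.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Delimiter patterns derived from the probe table above; labels are the table's own.
PROBES = [
    (re.compile(r"\{\*.*?\*\}"), "Smarty"),
    (re.compile(r"\$\{.+?\}"), "Mako or ???"),
    (re.compile(r"\{\{.+?\}\}"), "Jinja2 or Twig or ???"),
]
# Assumed log format: client address first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the engine labels whose probe syntax appears in a decoded value."""
    # Decode once more so double-encoded input (%257B%257B) is still seen.
    candidates = {value, unquote_plus(value)}
    return sorted({label for rx, label in PROBES for v in candidates if rx.search(v)})

def scan(lines):
    """Yield (client, parameter, labels) for each query parameter that looks like a probe."""
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the expected access-log format
        client, target = m.groups()
        # parse_qsl percent-decodes each value once
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            labels = classify(value)
            if labels:
                yield client, name, labels

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Oct/2023:10:00:00 +0000] "GET /?name=test HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Oct/2023:10:00:01 +0000] "GET /?name=a%7B*comment*%7Db HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Oct/2023:10:00:02 +0000] "GET /?name=%24%7B%22z%22.join(%22ab%22)%7D HTTP/1.1" 200 512',
    '198.51.100.9 - - [02/Oct/2023:10:00:03 +0000] "GET /?q=%257B%257B%20%277%27*7%20%257D%257D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match on `${...}` or `{{...}}` is a lead for review rather than proof, since client-side frameworks use the same delimiters legitimately.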