diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index fe8a636..add2466 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -71,9 +71,10 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment ## ASP.NET Razor -### ASP.NET Razor - Basic injection +[Official website](https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/introducing-razor-syntax-c) +> Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages. -https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/introducing-razor-syntax-c +### ASP.NET Razor - Basic injection ```powershell @(1+2) @@ -91,6 +92,9 @@ https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/intro ## Expression Language EL +[Official website](https://docs.oracle.com/javaee/6/tutorial/doc/gjddd.html) +> Expression Language (EL) is mechanism that simplifies the accessibility of the data stored in Java bean component and other object like request, session and application, etc. There are many operators in JSP that are used in EL like arithmetic and logical operators to perform an expression. It was introduced in JSP 2.0 + ### Expression Language EL - Basic injection ```java @@ -142,11 +146,14 @@ ${facesContext.getExternalContext().setResponseHeader("output","".getClass().for ## Freemarker +[Official website](https://freemarker.apache.org/) +> Apache FreeMarkerâ„¢ is a template engine: a Java library to generate text output (HTML web pages, e-mails, configuration files, source code, etc.) based on templates and changing data. + You can try your payloads at [https://try.freemarker.apache.org](https://try.freemarker.apache.org) ### Freemarker - Basic injection -The template can be `${3*3}` or the legacy `#{3*3}` +The template can be `${3*3}` or the legacy `#{3*3}`. ### Freemarker - Code execution @@ -172,6 +179,9 @@ ${dwf.newInstance(ec,null)("id")} ## Handlebars +[Official website](https://github.com/HubSpot/jinjava) +> + ### Handlebars - Command Execution ```handlebars @@ -200,6 +210,9 @@ ${dwf.newInstance(ec,null)("id")} ## Jade / Codepen +[Official website](https://github.com/HubSpot/jinjava) +> + ```python - var x = root.process - x = x.mainModule.require