ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 10:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #754 from noraj/patch-2

Browse Source 
SSTI: engine detection
This commit is contained in:
Swissky 2024-11-02 11:42:45 +01:00 committed by GitHub
commit 89c4098dc2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Server Side Template Injection/README.md
View File

@ -73,6 +73,7 @@ Based on the successful response, the attacker determines which template engine
* **Java**: Freemarker, Jinjava, Velocity, ... * **Java**: Freemarker, Jinjava, Velocity, ...
* **Ruby**: ERB, Slim, ... * **Ruby**: ERB, Slim, ...
[This post](https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756) summurize the syntax and detection method for most of the template engines for JavaScript, Python, Ruby, Java and PHP and how to differentiate between engines that use the same syntax.
### Escalate to Code Execution ### Escalate to Code Execution