From 9425cec068483250914caa90c293e6e07f328170 Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Mon, 25 Nov 2024 18:42:36 +0100
Subject: [PATCH] Handlebars - Basic Injection

---
 Server Side Template Injection/JavaScript.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Server Side Template Injection/JavaScript.md b/Server Side Template Injection/JavaScript.md
index 52167eb..a69cda9 100644
--- a/Server Side Template Injection/JavaScript.md	
+++ b/Server Side Template Injection/JavaScript.md	
@@ -7,6 +7,7 @@
 
 - [Templating Libraries](#templating-libraries)
 - [Handlebars](#handlebars)
+    - [Handlebars - Basic Injection](#handlebars---basic-injection)
     - [Handlebars - Command Execution](#handlebars---command-execution)
 - [Lodash](#Lodash)
     - [Lodash - Basic Injection](#lodash---basic-injection)
@@ -38,8 +39,21 @@
 [Official website](https://handlebarsjs.com/)
 > Handlebars compiles templates into JavaScript functions.
 
+### Handlebars - Basic Injection
+
+```js
+{{this}}
+{{self}}
+```
+
 ### Handlebars - Command Execution
 
+This payload only work in handlebars versions, fixed in [GHSA-q42p-pg8m-cqh6](https://github.com/advisories/GHSA-q42p-pg8m-cqh6):
+
+* `>= 4.1.0`, `< 4.1.2`
+* `>= 4.0.0`, `< 4.0.14`
+* `< 3.0.7`
+
 ```handlebars
 {{#with "s" as |string|}}
   {{#with "e"}}
@@ -67,6 +81,7 @@
 ## Lodash
 
 [Official website](https://lodash.com/docs/4.17.15)
+> A modern JavaScript utility library delivering modularity, performance & extras.
 
 ### Lodash - Basic Injection