Finding the Injection Point

There are a few places we can look within an application, such as the URL or an input box

Make sure to check for hidden inputs

Fuzzing

It's a technique to check whether the server is vulnerable or not by sending multiple characters, so that it interferes with the backend system

Most template engines will use a similar character set for their special functions which makes it relatively quick to detect if it's vulnerable to SSTI or not !

The following characters are known to be used in quite a few template engines

${{<%[%'"}}%

PreviousSSTI NextIndentification

Last updated 2 years ago