Finding the Injection Point
There are a few places we can look within an application, such as the URL or an input box
Make sure to check for hidden inputs
Fuzzing
It's a technique to check whether the server is vulnerable or not by sending multiple characters, so that it interferes with the backend system
Most template engines will use a similar character set for their special functions which makes it relatively quick to detect if it's vulnerable to SSTI or not !
The following characters are known to be used in quite a few template engines
${{<%[%'"}}%
Last updated