About SSTI (Server-Side Template Injection)
SSTI vulnerabilities occur when an attacker can inject malicious template code that the template engine then executes on the server side. This happens when user input is concatenated directly into a template without proper sanitization, so the engine parses the input as template syntax instead of treating it as data.
Common SSTI Attack Types
Basic SSTI: Simple template injection using basic payloads
Filter Bypass: Bypassing security filters and WAFs
File Upload SSTI: Exploiting SSTI through file upload functionality
Advanced Techniques: Complex methods to bypass modern protections
RCE via SSTI: Achieving remote code execution through template injection
Common Template Engines
Jinja2 (Python): {{7*7}} - Most common in Flask applications
Twig (PHP): {{7*7}} - Used in Symfony and other PHP frameworks
Smarty (PHP): {7*7} - Popular PHP template engine
Freemarker (Java): ${7*7} - Java-based template engine
Handlebars (JavaScript): {{7*7}} - JavaScript template engine
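The root cause described at the top of this page, shown with Jinja2 and the {{7*7}} probe from the list above. This is an added example, not code from the original page; the function names and the greeting template are assumptions made for illustration, and it requires the jinja2 package.

```python
# Added example (not from the original page): a Jinja2 greeting rendered
# two ways, plus a regression check built on the page's arithmetic probe.
from jinja2 import Environment

env = Environment(autoescape=True)

# The probe this page lists for Jinja2. If the engine evaluates it, the
# output contains 49 instead of the literal text.
PROBE = "{{7*7}}"


def render_vulnerable(name: str) -> str:
    """Vulnerable: user input is concatenated into the template source,
    so the engine parses it as template syntax."""
    return env.from_string("Hello " + name + "!").render()


def render_safe(name: str) -> str:
    """Fixed: the template source is a constant; user input is passed as
    a context variable and is only ever treated as data."""
    return env.from_string("Hello {{ name }}!").render(name=name)


def evaluates_input(render) -> bool:
    """Regression check (hypothetical helper): True if the render function
    evaluated the probe rather than echoing it back unchanged."""
    out = render(PROBE)
    return "49" in out and PROBE not in out


if __name__ == "__main__":
    for fn in (render_vulnerable, render_safe):
        print(f"{fn.__name__}: output={fn(PROBE)!r} "
              f"evaluates_input={evaluates_input(fn)}")
```

A check like evaluates_input can run in a unit-test suite against every code path that builds a template from request data, so a regression to string concatenation fails the build.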
Real-World Impact
Remote Code Execution (RCE) on the server
File system access and arbitrary file reading
Bypass of authentication and authorization mechanisms
Data exfiltration and sensitive information disclosure
Server compromise and lateral movement
Compliance violations and security breaches