SSTI identification diagram

+ <%= 7*7%>
Payloads: 0x1.gitlab.io/web-security/Server-Side-Template-Injection/#basic-injection
Server Side Template Injection
Jinja2 is used by Python Web Frameworks such as Django or Flask. The above injections have been tested on Flask application. :warning: the number 396 will vary depending of the application. Author 0x1 Pentester - WebMaster - Cyber Security - Web & Network
[Source] portswigger.net/research/server-side-template-injection
Server-Side Template Injection
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently c
[Source] portswigger.net/web-security/server-side-template-injection/exploiting