Summary

  • Server-Side Template Injection (SSTI) is an attack that sends malicious input to a server-side template engine, typically used for rendering dynamic web pages.
  • If input passed to a template engine is not sufficiently sanitised, a malicious actor can embed code in that input which the template engine will execute, potentially leading to remote code execution.
  • Attack discovery and escalation typically consist of initial recon, fuzzing payloads to detect templates that are evaluating user input, and then escalating this to code execution.
  • Payloads can be injected into form fields or query parameters, and the responses checked for an evaluated expression, such as the number 49.
  • There are various offensive exploitation techniques for different languages and template engines, but these can typically be mitigated through rigorous sanitisation of user input.
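
A defender-side view of the probing step described above, as an added example that is not part of the original article: it scans access-log lines for query parameters that carry template expression syntax, undoing repeated percent-encoding first. The log lines are constructed, and the delimiter list is a starting set assumed for this example, to be extended for the engines actually deployed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Expression delimiters of common template engines (assumed starting set).
TEMPLATE_EXPR = re.compile(
    r"\{\{.*?\}\}"   # {{ ... }}
    r"|\$\{.*?\}"    # ${ ... }
    r"|#\{.*?\}"     # #{ ... }
    r"|<%=?.*?%>"    # <% ... %> and <%= ... %>
    r"|\{%.*?%\}",   # {% ... %}
    re.S,
)
REQUEST = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE) (\S+) HTTP/[\d.]+"')

def decode_layers(value, max_layers=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_layers):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_template_probes(log_lines):
    """Return (path, parameter, decoded value) for each suspicious parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode_layers(value)  # parse_qsl already removed one layer
            if TEMPLATE_EXPR.search(value):
                hits.append((url.path, name, value))
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=shoes HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /greet?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 187',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /greet?name=%2524%257B7*7%257D HTTP/1.1" 200 187',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /price?amount=%2449 HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in find_template_probes(SAMPLE_LOG):
        print(hit)
```

A hit only shows that template syntax was submitted; whether the application evaluated it has to be confirmed from the response or the rendering code.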

By Shah kaif
