Swissky
4ed3e3b6b9
Blind SSTI Jinja
2022-10-02 12:24:39 +02:00
Alexandre ZANNI
3e68276fb7
add 3 template engines + add lang in menu
2022-09-21 11:28:57 +02:00
Swissky
e11a37e6a2
Merge pull request #515 from vladko312/patch-1
...
Added a new SSTI tool
2022-09-07 14:01:09 +02:00
Techbrunch
7850928d41
Add detection
2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2
Add Django Templates SSTI
2022-08-30 13:50:03 +02:00
Wlayzz
961d935623
Update java ssti
...
fix little inattention
2022-08-19 16:22:39 +02:00
Wlayzz
8d70f262ae
Update Java SSTI
...
Adding variable expressions alternative for java injection
2022-08-19 15:04:52 +02:00
Swissky
6650c361e7
Capture a network trace with builtin tools
2022-08-15 15:02:29 +02:00
Swissky
683167d4e9
Merge pull request #521 from mh4ckt3mh4ckt1c4s/ssti-detection
...
Add SSTI detection payload + related resource
2022-08-09 22:09:15 +02:00
its0x08
fc1f3b25a7
fix: Fix spelling
2022-08-09 11:02:21 +02:00
mh4ckt3mh4ckt1c4s
9d274a39a4
Add SSTI detection payload + related resource
2022-08-05 20:05:20 +02:00
s. vewa
33d632df4e
Twig in WordPress
...
Was very unsuccessful with the given Twig examples, quotes were escaped so got invalid, file_excerpt threw an error, too. Include and also injecting the file name helped. Don't know if this is a WordPress thing...
2022-07-24 12:30:09 +02:00
Vladislav Korchagin
7b79bce819
Update README.md
2022-07-17 18:35:59 +03:00
0x-nope
59cae2ddb4
Update README.md
2022-04-20 09:42:58 +02:00
0x-nope
3db4d04467
added Groovy EL section
2022-03-04 17:39:28 +01:00
ahronmoshe
a26867fdf9
Update README.md
2021-10-26 20:35:04 +03:00
Podalirius
25eae11675
Update README.md
2021-09-26 21:57:50 +02:00
Podalirius
6d48f28d99
Update README.md
2021-09-26 21:55:23 +02:00
Podalirius
58d88e5293
Update README.md
2021-09-26 21:48:51 +02:00
Podalirius
030e536586
Update README.md
2021-09-26 21:37:05 +02:00
Podalirius
f44fae68b5
Update README.md
2021-09-26 21:30:35 +02:00
Podalirius
5d846e9b8d
Update README.md
2021-09-26 21:28:29 +02:00
Podalirius
b5699ecf08
Update README.md
2021-09-18 20:03:12 +02:00
Podalirius
4c29079010
Update README.md
2021-08-26 20:50:19 +02:00
Swissky
7c06c9025e
Update README.md
2021-08-25 22:17:34 +02:00
Jeffrey Cap
9bde75b32d
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
2021-08-23 14:41:40 -05:00
Podalirius
3bed3bccc8
Added context-free jinja2 payloads
...
Fixed a few typos and broken links
2021-07-27 19:20:36 +02:00
Jeremy Buis
6841fc21d2
Update README.md
...
Fixes a typo
2021-07-16 11:24:16 -04:00
Jeremy Buis
a0c08e4e87
Update README.md
...
Added Lessjs example PoC
2021-07-06 10:36:43 -04:00
Swissky
e3e3ca6ba2
Merge pull request #366 from mpgn/master
...
Update Smarty Template Injection
2021-05-20 18:08:20 +02:00
mpgn
367296c1f1
Update Smarty Template Injection
2021-05-20 16:42:51 +02:00
Swissky
8d31b7240b
Office Attacks
2021-02-21 20:17:57 +01:00
Swissky
6bcd2e8a6a
Update README.md
2021-01-31 21:51:53 +01:00
ムハンマド
89429f9c4f
SSTI Payload in Jinja2 - Arbitrary file read
2021-01-18 11:48:38 +03:00
akoul02
ed944a95af
Improved Jade payload
2020-10-31 18:02:29 +03:00
Vincent Gilles
0b90094002
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
Swissky
b641131f27
SSTI - Pebble update
2020-10-17 12:25:50 +02:00
Swissky
75a0f34bdc
Merge pull request #236 from Techbrunch/patch-9
...
Update README.md
2020-08-19 16:30:32 +02:00
Techbrunch
502a8121b4
Update README.md
...
Add reference to debug tag for Jinja2
2020-08-19 14:46:43 +02:00
Techbrunch
76e6f7dc95
Update README.md
...
Add Handlebars payload
2020-08-19 14:20:18 +02:00
Swissky
2c935df34d
EL Injection - SSTI
2020-07-10 15:05:13 +02:00
meizjm3i
a987b8be9f
corrected a single quotation mark closure error
2020-05-29 18:35:22 +08:00
meizjm3i
7670e2c36c
Update ERB SSTI tips
2020-05-29 12:28:55 +08:00
idealphase
712e3b93f6
Sorting like basic injection part
2020-04-30 17:15:31 +07:00
idealphase
7f1fb32980
Adding Execute code using SSTI for ERB engine.
2020-04-30 17:13:58 +07:00
Swissky
1d8414c703
ASP.NET Razor SSTI
2020-04-18 21:18:22 +02:00
Swissky
a19fd013fb
Merge pull request #181 from SecGus/master
...
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
2020-04-13 19:42:14 +02:00
chiv
7e7f5e7628
Added SSTI RCE bypass payload for Jinja2
2020-04-13 18:48:43 +01:00
chiv
cc3b05017d
Added a new RCE payload to Jinja2 SSTI bypasses
2020-04-13 18:44:16 +01:00
SakiiR SakiiR
38c273ff00
Added IFS (WAF bypass) to Symfony Twig RCE
2020-03-29 23:23:26 +02:00