Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-06-26 13:24:50 +00:00 committed by gitbook-bot
parent c587535ca8
commit 2617d4477e
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pentesting-web/ssti-server-side-template-injection/README.md
View file

@ -331,6 +331,11 @@ Payload: {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstanc
### Expression Language - EL \(Java\)
* `${"aaaa"}` - "aaaa"
* `${99999+1}` - 100000.
* `#{7*7}` - 49
* `{{7*7}}` - 49
EL provides an important mechanism for enabling the presentation layer \(web pages\) to communicate with the application logic \(managed beans\). The EL is used by **several JavaEE technologies**, such as JavaServer Faces technology, JavaServer Pages \(JSP\) technology, and Contexts and Dependency Injection for Java EE \(CDI\).
Check the following page to learn more about the **exploitation of EL interpreters**: