SSTI
Server-Side Template Injection (SSTI) is a vulnerability that occurs when user input is inserted directly into a template that the web application's template engine then evaluates, instead of being passed to the template as data. Common template engines include Smarty (PHP), Jinja2 (Python), and Pug (Node.js, formerly known as Jade).
If an SSTI attack is successful, it can lead to Remote Code Execution (RCE), enabling attackers to escalate privileges and potentially achieve full compromise of the application.
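To find the pattern described above during code review, the following added example (not part of the original page) statically flags Jinja2/Flask calls whose template source is built at runtime rather than written as a string literal. The sink list, the function name `find_dynamic_templates` and the sample handlers are assumptions made for illustration; the check is a heuristic and will also flag a variable that happens to hold a constant.

```python
import ast

# Calls whose first positional argument is template *source*
# (jinja2.Template, Environment.from_string, flask.render_template_string).
TEMPLATE_SINKS = {"Template", "from_string", "render_template_string"}

def _call_name(node):
    """Return the bare or attribute name of a call, e.g. env.from_string -> from_string."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def find_dynamic_templates(source):
    """Return sorted (line, sink) pairs where the template source is not a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node) not in TEMPLATE_SINKS:
            continue
        if not node.args:
            continue
        template_arg = node.args[0]
        # A plain string literal is fixed at development time: user data can
        # only reach it through the render context, which is the safe pattern.
        if isinstance(template_arg, ast.Constant) and isinstance(template_arg.value, str):
            continue
        # Concatenation, f-strings, variables, call results: needs manual review.
        findings.append((node.lineno, _call_name(node)))
    return sorted(findings)

# Constructed sample handlers, not taken from any real application.
SAMPLE = '''
from flask import request, render_template_string

def greet_vulnerable():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello " + name + "</h1>")

def greet_safe():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello {{ name }}</h1>", name=name)
'''

if __name__ == "__main__":
    for line, sink in find_dynamic_templates(SAMPLE):
        print(f"line {line}: {sink}() receives a non-literal template")
```

Only `greet_vulnerable` is reported: it concatenates request data into the template source, while `greet_safe` keeps the template constant and passes the value as a context variable.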
tplmap
TInjA
SSTImap
swisskyrepo/PayloadsAllTheThings