exploiting-template-injection-vulnerabilities


Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.

AI & Automation 16,326 stars 1981 forks Updated 2 weeks ago Apache-2.0


Quality Score: 97/100

Stars (20%): 100
Recency (20%): 90
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Exploiting Template Injection Vulnerabilities

## When to Use

- During authorized penetration tests when user input is rendered through a server-side template engine
- When testing error pages, email templates, PDF generators, or report builders that include user-supplied data
- For assessing applications that allow users to customize templates or notification messages
- When identifying potential SSTI in parameters that reflect arithmetic results (e.g., `{{7*7}}` returns `49`)
- During security assessments of CMS platforms, marketing tools, or any application with templating functionality

## Prerequisites

- **Authorization**: Written penetration testing agreement with RCE testing scope
- **Burp Suite Professional**: For intercepting and modifying template parameters
- **tplmap**: Automated SSTI exploitation tool (`git clone https://github.com/epinna/tplmap.git`)
- **SSTImap**: Modern SSTI scanner (`pip install sstimap`)
- **curl**: For manual SSTI payload testing
- **Knowledge of template engines**: Jinja2, Twig, Freemarker, Velocity, Mako, Pebble, ERB, Smarty

## Workflow

### Step 1: Identify Template Injection Points

Find parameters where user input is processed by a template engine.

```bash
# Inject mathematical expressions to detect template processing
# If the server evaluates the expression, SSTI may be present

# Universal detection payloads
PAYLOADS=(
  '{{7*7}}'   # Jinja2, Twig
  '${7*7}'    # Freemarker, Velocity, Spring EL
  '#{7*7}' ...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: 2 weeks ago
Language: Python
License: Apache-2.0
