Server-Side Template Injection

Server-Side Template Injection (SSTI) occurs when an application that uses a template engine improperly handles or validates user input, allowing an attacker to execute arbitrary code or manipulate the template syntax.

A typical example of this vulnerability looks like this:

  • We have an app that uses a template engine to display some user's data

http://$url/?data=$value

  • We can submit arbitrary template syntax so that the engine interprets it

http://$url/?data={{7*7}}

{{7*7}} is a standard expression used as a proof of concept for template injection: if the response shows 49 instead of the literal text, the engine evaluated the input.

  • This could lead to retrieving sensitive data from the server

http://$url/?data={{config.items()}}
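From the defender's side, the requests shown above leave a recognisable trace in web server logs. The following is an added example, not part of the original page: a small scanner that decodes query parameters and flags template expression syntax. The log format, sample lines, function names and the delimiters other than {{ ... }} are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Expression delimiters to look for. Only {{ ... }} appears on the page;
# the other three are added here as common template-engine delimiters.
TEMPLATE_PATTERNS = {
    "double-brace expression": re.compile(r"\{\{.*?\}\}", re.S),
    "block tag": re.compile(r"\{%.*?%\}", re.S),
    "dollar-brace expression": re.compile(r"\$\{.*?\}", re.S),
    "angle-percent tag": re.compile(r"<%.*?%>", re.S),
}
# Request line as it appears in a combined-format access log (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_template_syntax(log_line):
    """Return (parameter, pattern label, decoded value) for each hit in one line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw)
        for label, pattern in TEMPLATE_PATTERNS.items():
            if pattern.search(value):
                hits.append((name, label, value))
    return hits

def scan(lines):
    """Map 1-based line number to hits, for lines carrying template syntax."""
    return {n: hits for n, line in enumerate(lines, 1)
            if (hits := find_template_syntax(line))}

# Constructed sample log lines (documentation IP range, hypothetical app).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /?data=alice HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /?data={{7*7}} HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /?data=%7B%7Bconfig.items()%7D%7D HTTP/1.1" 200 4096',
    '203.0.113.5 - - [01/Jan/2024:10:00:15 +0000] "GET /?data=%257B%257B7*7%257D%257D HTTP/1.1" 200 498',
]
```

A hit only shows that template syntax reached the application, not that the engine evaluated it. The fix remains in the application: pass user input to the template as data instead of building the template source from it.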
