logo
jacobh.io
Server Side Template Injection (SSTI)
Initializing search
    Jacob-Ham/jacobhio
    • $ whoami
    • 🐉 Kali Setup
    • ☁ī¸ Cloud
    • 🌐 Web Application
    • 🤓 writeups
    • 🧠 Methodologies
    • đŸĒŸ Active Directory
    Jacob-Ham/jacobhio
    • $ whoami
    • 🐉 Kali Setup
        • Authenticate
        • Compute Services & Lateral Movement
        • Credential & Identity Attacks
        • Discovery & Reconnaissance
        • Phishing via SSO Device Codes
        • Secrets & Notification Services
        • Serverless Services Exploitation
        • Storage Enumeration & Exploitation
        • Tools
      • Under Construction
      • Insecure File Uploads
      • Verb Tampering
      • Web Application Firewall
        • API
        • Mass Assignment
        • Getting Started
        • Broken Function Level Access (BLFA)
        • Broken Object Level Access (BOLA)
        • Insecure Direct Object Reference (IDOR)
        • Getting Started
        • Brute Forcing Authentication
        • Json Web Tokens (JWTs)
        • Multi Factor Authentication
        • Rate Limiting
        • Session Tokens
        • Directory Fuzzing
        • Google Dorks
        • Parameter Fuzzing
        • Directory Traversal
        • Filter Bypasses
        • Local File Inclusion (LFI)
        • Remote File Inclusion
        • Command Injection
        • Cross Site Scripting (XSS)
        • External Entity Injection (XXE)
        • NoSQL Injection
        • SQL Injection
        • Server Side Template Injection (SSTI)
        • Cross Site Request Forgery (CSRF)
        • Server Side Request Forgery
      • Index
        • OverCertified
        • Active Directory
        • Web Application
        • Compiling Binaries
        • Passive Network Recon
        • SQLMap
        • WebApp
          • ACLs
          • Capabilities
          • Credential Hunting
          • Environment Hunting
          • General Information
          • Groups
          • Low Level Exploits
          • NFS, Samba, Network Shares
          • Permissions
          • Restricted Shells
          • Service Based Escalation
          • Shared Libraries & Interpreter Hijacking
          • Writable Directories
      • Under Construction
        • ASREPRoast
        • Credential Dumping
        • Credential Hunting
        • Hash Cracking
        • Kerberoasting
        • DCShadow
        • DCSync
        • Diamond Ticket
        • Golden Ticket
        • Overpass The Hash
        • Pass The Hash
        • Pass The Ticket
        • Silver Ticket
        • Enumerating Security Controls
        • Powershell Downgrade
        • Domain User Enumeration
        • Domain Wide Enumeration
        • Forest & Domain Trusts
        • Group Membership
        • Host Enumeration
        • Living Off the Land Enumeration
        • Password Policy Enumeration
        • GPP Password
        • IPv6 Attacks
        • LLMNR Poisoning
        • LNK File Attacks
        • NetNTLM Hash Stealing Locations
        • Password Stuff
        • PetitPotam (MS EFSRPC)
        • Word Doc Macro
        • ZeroLogon
        • Alternate Service Name
        • Constrained Delegation
        • Domain ACLs
        • Group Policy Abuse
        • Kerberos Double Hop
        • MSSQL Abuse
        • Microsoft Configuration Manager
        • Pivoting
        • Relay Attacks
        • Resource Based Constrained Delegation
        • SMB
        • Service for User to Self
        • Unconstrained Delegation
        • Disable Restricted Admin Mode
        • Enable plaintext wdigest
        • Host Persistence
        • Local Administrator Password Solution
        • NoPac (SamAccountName Spoofing)
        • Token Privileges
        • UAC Bypasses
        • Unquoted Service Path
        • Weak Service Binary Permissions
        • Weak Service Permissions
        • Šī¸ ADCS
        • đŸ‘ģ PrintNightmare

    Server Side Template Injection (SSTI)

    https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection 1. First try to generate an error to leak the templating engine 2. Use hacktricks payloads for execution

    Made with Material for MkDocs