Server Side Template Injection | SSTI - Indian Cyber Security Solutions

SSTI – Server Side Template Injection

What is SSTI?

Web applications frequently employ template engines to convey dynamic data via web pages and emails. Unsafely inserting user input in templates enables Server-Side Template Injection, an often serious vulnerability that is easily misidentified as Cross-Site Scripting (XSS) or overlooked entirely. Template Injection, unlike XSS, may be used to directly attack web server internals and frequently acquire Remote Code Execution (RCE), making any susceptible application a possible pivot point.

Template engines are intended to combine templates with a data model to generate result documents that aid in inserting dynamic data into web pages. Users, products, and other information can be displayed using template engines. The following are some of the most well-known template engines: PHP – Smarty, Twigs ; Python – JINJA, Mako, etc… When input validation isn't handled properly on the server, a malicious server-side template injection payload can be performed, resulting in remote code execution.

You can try to probe {{9*'9'}} to see if the target is vulnerable. It would return 81 in Twig, 999999999 in Jinja2, and neither in the absence of template language.

This step can be as simple as providing incorrect syntax, because template engines can identify themselves in error messages. It's worth noting that there are alternative ways to find more template engines. #Tips - Tplmap or its Burp Suite Plugin will do the trick😉 [Tplmap facilitates the exploitation of Code Injection and Server-Side Template Injection vulnerabilities by gaining access to the underlying operating system via a variety of sandbox escape tactics.]

Lets take an example of Flask and Jinja2 SSTI. On visiting the host we see flask/jinja2.

Now we will check for the SSTI on this site.

You can see here that it was a success! This site has SSTI

Now we can use this to exploit the server by using below give payload…

RCE Bypassing Payload

Now our url will look like: http://165.22.124.155:31361/%7B%7Brequest.application.globals.builtins.import('os').popen('cat%20flag.txt').read()%7D%7D

And Boom! We hacked into the server!

This was an overview to SSTI (server side template injection) You can search online about SSTI and learn more. Happy Learning!

Why Choose Indian Cyber Security Solutions (ICSS) ?

Indian cyber security Solutions is one of best institute of India among other institute in India. ICSS offer as CEHv11 Courses in India as well as kali Linux. ICSS has won as many award for giving the online training as well as offline training. Its way of giving the training is unique which is easily adapted by the student as well as the professional. Due to way how ICSS trained the student it has got as many award some of award are Tech Brand of 2020,Ten most trusting cyber security certification provider 2021 and many more.

Among the many Ethical Hacking course in India, Indian Cyber Security Solutions would be the right for you to join. We have the right set of practical lab classes set up for students to learn as well as industry grade trainers who would conduct the classes and impart the right set of Cyber Security Knowledge to students. Our efforts have been acknowledged by various reputed administrative institutes, such as "Top Ten Training Institutes in India in 2020” by Silicon India; as well as Ten Most Trusted Training & Cyber Security Certifications Provider, 2021 by The Knowledge Review.

As an Education Institute, we are also cyber security service provider to corporate organization. Services like VAPT, Web Penetration Testing, Network Penetration Testing, Mobile Application Penetration Testing to corporate organization like IRCTC, HDFC, Cambridge Technologies, and many more. With this, Indian Cyber Security Solutions have been acknowledged as the 20 Tech Brands of 2021. by Business Connect India.