Skip to content

Testing for Server-side Template Injection

OWASP

OWASP Web Security Testing Guide 4.2 > 7. Data Validation Testing > 7.18. Testing for Server-side Template Injection

ID Link to Hackinglife Link to OWASP Description
7.18 WSTG-INPV-18 Testing for Server-side Template Injection - Detect template injection vulnerability points. - Identify the templating engine. - Build the exploit.

Server-side Template Injection in HackingLife

Web applications commonly use server-side templating technologies (Jinja2, Twig, FreeMaker, etc.) to generate dynamic HTML responses. Server-side Template Injection vulnerabilities (SSTI) occur when user input is embedded in a template in an unsafe manner and results in remote code execution on the server. Any features that support advanced user-supplied markup may be vulnerable to SSTI.

See my notes

Last update: 2024-05-01
Created: December 26, 2023 19:00:18