From 2c152d4a8d0785e1d99545fba9cbde7c3367574f Mon Sep 17 00:00:00 2001 From: Eric Ung Date: Thu, 12 Jun 2025 11:22:53 -0500 Subject: [PATCH 1/2] Write a document for template injection --- .../what-is-a-template-injection.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs/web-exploitation/template-injection/what-is-a-template-injection.md diff --git a/docs/web-exploitation/template-injection/what-is-a-template-injection.md b/docs/web-exploitation/template-injection/what-is-a-template-injection.md new file mode 100644 index 00000000..91c6e8a2 --- /dev/null +++ b/docs/web-exploitation/template-injection/what-is-a-template-injection.md @@ -0,0 +1,20 @@ +# Server Side Template Injection + +Server side template injection starts off with as a two sets of brackets containing each other and contains operations in it. Seen below is an example of an operation being passed into a parameter for an argument of a website. + +``` +{{8*8}} +``` + +One of the next features in it is python which can be passed into a parameter for an argument if a website isn't secure enough to be tested on it. The next example shows a python command being injected into the the parameter of a website. + + +``` +{{self.__init__.__globals__.__builtins__.__import__(os).popen(ls .).read()}} +``` + + +# References + +![Server Side Template Injection With Jinja2](https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/) +![Template Injection Vulnerabilities](https://www.paloaltonetworks.com/blog/cloud-security/template-injection-vulnerabilities/) From c51b4cce150eaa180376f7af46d583d3f1036857 Mon Sep 17 00:00:00 2001 From: Eric Ung Date: Thu, 12 Jun 2025 19:46:48 -0500 Subject: [PATCH 2/2] lasting notes --- .../template-injection/what-is-a-template-injection.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/web-exploitation/template-injection/what-is-a-template-injection.md b/docs/web-exploitation/template-injection/what-is-a-template-injection.md index 91c6e8a2..fc9fde7d 100644 --- a/docs/web-exploitation/template-injection/what-is-a-template-injection.md +++ b/docs/web-exploitation/template-injection/what-is-a-template-injection.md @@ -13,8 +13,12 @@ One of the next features in it is python which can be passed into a parameter fo {{self.__init__.__globals__.__builtins__.__import__(os).popen(ls .).read()}} ``` +This opens the door for parameter testing different websites so be advised on testing this. + # References ![Server Side Template Injection With Jinja2](https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/) + ![Template Injection Vulnerabilities](https://www.paloaltonetworks.com/blog/cloud-security/template-injection-vulnerabilities/) +