登录查看更多内容

点击“继续加入或登录”，即表示您同意遵守领英的《用户协议》、《隐私政策》及《Cookie 政策》。

How can you test for server-side template injection (SSTI) vulnerabilities?

由人工智能和领英社区提供技术支持

Server-side template injection (SSTI) is a type of web application vulnerability that allows an attacker to inject malicious code into a server-side template engine, such as Jinja2, Twig, or Freemarker. A template engine is a tool that renders dynamic web pages by combining data from a database or user input with a predefined template. If the template engine does not properly sanitize the user input, an attacker can exploit it to execute arbitrary commands, access sensitive files, or even take over the server.

此文章中的业界达人

由社区从 4 条内容中精选。了解更多

Aditya Mishra

Intern @Krsh Welfare Foundation, Utilising - Conference Papers || White Papers || Leetcode

1 What is the impact of SSTI?

SSTI can have severe repercussions for the security and performance of a web application. Depending on the template engine and the server configuration, an attacker can employ SSTI to carry out a variety of activities, such as stealing or modifying data from the database or server, escaping the template sandbox and executing code on the server, bypassing authentication and authorization mechanisms, creating backdoors or web shells for persistent access, and denying service to legitimate users or crashing the server.

添加您的观点

Aditya Mishra

Intern @Krsh Welfare Foundation, Utilising - Conference Papers || White Papers || Leetcode
举报内容
Injection Attacks such as SQL,LDAP,XPATH,OS Injections occurs if user input is not handled properly, these attacks hit the DB directly to retrieve/update the content from/to it. The common webserver attacks happen due to raw user input is XSS(Cross Site Scripting) attacks,path traversal and Remote code executions on the server leading to modifying the server content or executing remote commands.

已翻译

赞

加载更多内容

2 How can you identify SSTI?

The first step to test for SSTI is to identify the template engine used by the web application. You can do this by looking at the file extensions, the syntax, or the error messages of the web pages. For example, Jinja2 uses .html or .j2 extensions, Twig uses .twig extensions, and Freemarker uses .ftl extensions. You can also use tools like Wappalyzer or BuiltWith to detect the template engine.

The next step is to find the user input points that are reflected in the web pages, such as search boxes, forms, or URL parameters. You can then try to inject some template expressions or directives that are specific to the template engine and observe the response. For example, you can try to inject {{7*7}} for Jinja2 or Twig, or ${7*7} for Freemarker, and see if the result is 49.

添加您的观点

Aditya Mishra

Intern @Krsh Welfare Foundation, Utilising - Conference Papers || White Papers || Leetcode
举报内容
In case of a vulnerability, an error message can be returned or the exception can be raised by the server. This can be used to identify the vulnerability and the template engine in use. To identify the vulnerability, the following to-do list can be followed: Detect where the template injection exist Identify the template engine and validate the vulnerability Follow the manuals for the specific template engine Exploit the vulnerability

已翻译

赞

3 How can you exploit SSTI?

If you confirm that the web application is vulnerable to SSTI, you can try to escalate your attack and gain more control over the server. Depending on the template engine and the server environment, there are various methods of exploitation, such as using built-in functions or filters to access or modify variables, objects, or files; template inheritance or inclusion to load or execute external files or templates; string concatenation or evaluation to execute arbitrary code or commands; and template sandbox escape techniques to bypass restrictions or security features. As an example, you can attempt to inject {{config.items()}} for Jinja2 or {{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}} for Twig, in order to execute commands on the server.

添加您的观点

4 How can you prevent SSTI?

To prevent SSTI, you should use a secure template engine that has a sandbox mode, a strict syntax, and a limited set of features. Additionally, it is important to sanitize and validate all user input before passing it to the template engine. Output encoding or escaping can help prevent cross-site scripting (XSS) or HTML injection, while parameterized queries or prepared statements can be used to avoid SQL injection. Furthermore, secure file permissions and access control policies should be implemented to limit the exposure of sensitive files or directories. Lastly, firewalls, antivirus, or intrusion detection systems can be used to monitor and block malicious traffic.

添加您的观点

Aditya Mishra

Intern @Krsh Welfare Foundation, Utilising - Conference Papers || White Papers || Leetcode
举报内容
There are 2 common suggestions to remediate this vulnerability: Sanitization: Sanitize user input before passing it into the templates to minimize vulnerabilities from any malicious. Sandboxing: In case using risky characters is a business need, it is recommended to use a sandbox within a safe environment.

已翻译

赞

5 How can you learn more about SSTI?

If you want to learn more about SSTI, you can use the OWASP SSTI Cheat Sheet, which is a comprehensive guide to SSTI detection and exploitation. Additionally, the PortSwigger Web Security Academy is a free online platform with interactive labs and tutorials on SSTI and other web security topics. Finally, HackerOne Hacktivity is a collection of real-world reports and write-ups on SSTI and other web vulnerabilities. All of these resources are invaluable for staying up to date on the complex and ever-evolving topic of SSTI.

添加您的观点

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Software Design

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you test for server-side template injection (SSTI) vulnerabilities?

1

2

3

4

5

6

1 What is the impact of SSTI?

2 How can you identify SSTI?

3 How can you exploit SSTI?

4 How can you prevent SSTI?

5 How can you learn more about SSTI?

6 Here’s what else to consider

Software Design

给文章评分

感谢您的反馈

更多Software Design相关文章

更多相关阅读内容

How can you test for server-side template injection (SSTI) vulnerabilities?

1

2

3

4

5

6

1 What is the impact of SSTI?

2 How can you identify SSTI?

3 How can you exploit SSTI?

4 How can you prevent SSTI?

5 How can you learn more about SSTI?

6 Here’s what else to consider

Software Design

给文章评分

感谢您的反馈

查看其他技能