There are 2 repositories under ssti topic.
Check your WAF before an attacker does
🎯 Server Side Template Injection Payloads
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
Simple websites vulnerable to Server Side Template Injections (SSTI)
XSS Finder Via SSTI
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
Small Vulnerable Web App
Go-sec-code is a project for learning Go vulnerability code.
CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Vulnerability Walkthrough
iTop < 2.7.6 - (Authenticated) Remote command execution
Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.
About the WebSecurityEmpire project: these are scripts for testing website security; this collection can be used for presentations.
Web CTF CheatSheet 🐈
Simple server-side template injection scanner!
The CTF requires an understanding of how Flask works in order to exploit an SSTI.
A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.
Simple ssti payload generator for java using concat technique
CS5331 Server-Side Template Injection Project
This script will prepare some tmux session precompiled to test command injection on some web page parameter (on a GET or POST request).
Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.
2022 Wangding Cup (Xuanwu group) web CTF: Thymeleaf SSTI bypass and memshell
Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.
FastAPI app with Jinja2 SSTI vulnerability example to demonstrate security risks in web applications.