There are 3 repositories under ssti topic.
Check your WAF before an attacker does
🎯 Server Side Template Injection Payloads
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
Simple websites vulnerable to Server Side Template Injections (SSTI)
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
XSS Finder Via SSTI
Small Vulnerable Web App
Go-sec-code is a project for learning Go vulnerability code.
CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Vulnerability Walkthrough
Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.
iTop < 2.7.6 - (Authenticated) Remote command execution
About the WebSecurityEmpire project: these are scripts for testing website security; this collection can be used for giving presentations.
Web CTF CheatSheet 🐈
Simple server-side template injection scanner!
The CTF requires an understanding of how Flask works in order to exploit an SSTI.
An Intentionally Vulnerable SSTI application for a beginner to an experienced.
A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.
2022 Wangding Cup Xuanwu web CTF: Thymeleaf SSTI bypass and memshell
Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.
Simple ssti payload generator for java using concat technique
Exploit against Grav CMS (versions below 1.7.45) that allows Remote Code Execution for an authenticated user.
Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.