SSTI - Server Side Template Injection
Severity: High
Discovered: 10 of October-2022, 11:12 PM
CWE ID
CWE-74
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Details
SSTI (Server Side Template Injection) is a vulnerability exploited through malformed user input: the application embeds user input into a template without proper validation. In the worst case, it creates a path to remote code execution that malicious actors can exploit. The vulnerability can be identified by submitting invalid template syntax in the input and observing the error messages displayed in the response.
Possible exposure
Execute Unauthorized Code or Commands
Remediation suggestions
To protect against this type of attack, validate input before passing it to the template directive, and create a safe environment.
Request
POST https://brokencrystals.com/api/render HTTP/1.1
Accept: application/json, text/plain, */*
Referer: https://brokencrystals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Content-Type: text/plain
Cookie: bc-calls-counter=1665443548282; connect.sid=wi7k_QEXSv2mytpWaTKNyd_1wk1LQvfh.HhvHOpsekTEV3vmOg45ZU0IvN%2BxQF2Ub1xmmkjpeDiI
Accept-Encoding: identity
Content-Length: 56

{{="+1"}} {{=5589}} {{=55488}} {{=55}}{{=518794+564180}}
Response
HTTP/1.1 201
Server: nginx/1.19.8
Date: Mon, 10 Oct 2022 23:12:28 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 23
Connection: keep-alive
vary: Origin
access-control-allow-origin: *
x-xss-protection: 0
strict-transport-security: max-age=0
x-content-type-options: 1
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
set-cookie: bc-calls-counter=1665443548314
Cache-Control: public, max-age=99999

+1 5589 55488 551082974