Server-Side Template Injection Labs
Intro
-
This project is aiming to help guys learning SSTI, and from which you may learn new way to bypass. And this project is open for you to submit new bypass method
Please don't use your SSTI skills anywhere where you don't have legal permission.Applying is on Live Websites is illegal and if you do so you have to face legal consequences.
-
这个项目是为了帮助正在学习SSTI的伙伴,你可以从中学到一些绕过方法,同时如果你有新的绕过姿势,你可以参与到本项目的贡献之中.
如果你没有获得授权的话请不要在互联网任何地方使用SSTI,否则你可能面临法律审判.
Usage
flask-lab
-
Make sure you have
pythoninstalled -
确保你已经安装了
python
-
Clone this repo or download the zipfile
克隆项目或者下载zip文件
-
pip install -r requirements.txt -
python app.py
-
It will run on port 5000, for safety, don't run as
root -
它将运行在5000端口上,为了安全起见,请不要使用
root用户运行 -
你还可以在NSSCTF直接开启本环境ssti-flask-labs
ejs-lab
-
In development
-
开发中
django-lab
-
In development
-
开发中
Contribute
-
If you have any other idea please create a pull request and I will do my best to merge appropriately and include your name in the note.
also you can contact me by email
xennyxd1@gmail.com -
如果你有任何想法的话请创建一个PR到本项目,我会审核并进行合并,同时将你的名字添加到文档.
你也可以通过邮箱联系我
xennyxd1@gmail.com