ssti
There are 45 repositories under ssti topic.
nemesida-waf/waf-bypass
Check your WAF before an attacker does
vladko312/SSTImap
Automatic SSTI detection tool with interactive interface
Marven11/Fenjing
专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF
payloadbox/ssti-payloads
🎯 Server Side Template Injection Payloads
Adamkadaban/CTFs
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
DiogoMRSilva/websitesVulnerableToSSTI
Simple websites vulnerable to Server Side Template Injections(SSTI)
Yt1g3r/CVE-2019-3396_EXP
CVE-2019-3396 confluence SSTI RCE
Err0r-ICA/SCANter
Websites Vulnerability Scanner
ronin-rb/ronin-vulns
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
darklotuskdb/SSTI-XSS-Finder
XSS Finder Via SSTI
knassar702/hacking-lab
Small Vulnerable Web App
cokeBeer/go-sec-code
Go-sec-code is a project for learning Go vulnerability code.
mpgn/CVE-2018-16341
CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection
filipkarc/ssti-flask-hacking-playground
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
DEMON1A/Blinder
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
muneebwanee/SubScanner
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
RiteshPuvvada/riteshpuvvada.github.io
Vulnerability Walkthrough
anger/voyager-js
Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.
Acceis/exploit-CVE-2022-24780
iTop < 2.7.6 - (Authenticated) Remote command execution
LOIC-only-one/WebSecurityEmpire
Concernant le projet WebSecurityEmpire : Il s'agit de scripts pour tester la sécurité de site internet, cette collection peut être utilisé pour faire des présentations.
phanatagama/Web-CTF-Cheatsheet
Web CTF CheatSheet 🐈
LeoFVO/gossti
GoSSTI is a SSTI scanner for web application. Developed in Go.
Marven11/FenJing-Legacy
A payload generator for Jinja SSTI
RobinTrigon/ertssti
simple server site template injection scanner !
DanielAzulayy/FlaskyCTF-2020
The CTF requires an understanding of how Flask works in order to exploit an SSTI.
dotPY-hax/ssti-checker
rudimentary checker/scanner for server side template injection
dr34mhacks/Ginger-juice-shop
An Intentionally Vulnerable SSTI application for a beginner to an experienced.
storenth/lazyParam
A simple automation tool to detect LFI, RCE and SSTI vulnerability. Forked for PR and customization
TargetPackage/lazyParam
A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.
testivy/wangding_2022_ctf_findit
2022 网鼎杯 玄武 web ctf thymeleaf SSTI bypass and memshell
TheWation/NodeJsSSTI
Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.
TrueBad0ur/ssti_java_concat_payload_generator
Simple ssti payload generator for java using concat technique
JVWAC/JGVWA
Java General Vulnerable Web Application
gunzf0x/Grav-CMS-RCE-Authenticated
Exploit against Grav CMS (versions below 1.7.45) that allows Remote Code Execution for an authenticated user.
http406/ServerSide-Template-Injection
Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.