AppSecExplained
  • Index < START HERE
    • My courses
    • How to get started from zero
  • 📽️Live Stream Content
    • Resource of the week
  • Discovery / Recon
    • Methodology
    • Content discovery / recon
      • Subdomains
      • Endpoints
      • Parameters
      • Spidering
  • Common vulns
    • SQL injection overview
      • Detection
      • Blind SQLi
      • Second-order SQLi
      • SQLi lab setup & writeups
    • NoSQL injection
    • JavaScript injection (XSS)
      • XSS Methodology
    • File Inclusion
      • Local file inclusion
        • Directory traversal
    • Command injection
    • XXE (XML external entity) injection
      • Blind XXE
    • Template injection
      • Server-side template injection
      • Client-side template injection
    • Authentication
      • Attacking password-based authentication
      • Attacking MFA
      • Authentication lab setup & writeups
    • Cross-Site Request Forgery (CSRF)
    • Insecure deserialization
      • PHP
      • Java
      • Python
      • .NET
    • Server-side request forgery (SSRF)
    • Insecure file upload
    • Clickjacking
    • Open redirect
    • Vulnerable components
    • Race conditions
      • Limit overrun
    • Prototype pollution
      • Client-side prototype pollution
    • APIs
      • API: BOLA
      • API: Broken authentication
      • BOPLA
      • API: BFLA
  • Bypassing controls
    • Rate limiting
    • WAF Bypasses
  • Scripts
    • Docker-compose.yml files
      • Wordpress
      • SQLi testing labs
    • PHP scripts
      • RCE Function Check
    • Wordlists
      • Single characters
      • SQLi
  • Code review
    • Getting started
    • Sinks
  • Links worth your time
    • Practical API Hacking
    • Rana Khalil's Web Security Academy Course
    • Portswigger's Web Security Academy
    • TCM Security Discord
    • PentesterLand Writeups
Powered by GitBook
On this page
  • What is it?
  • Detection

Was this helpful?

  1. Common vulns

Template injection

What is it?

Template Injection attacks occur when an attacker can inject malicious input into template expressions, causing the application to execute unintended instructions. These attacks exploit weaknesses in the way applications interpret template expressions, often leading to remote code execution or data exposure.

Template engines are used in various programming languages and frameworks to dynamically generate HTML, XML, or other output formats. While they often have sandboxing features to limit the effects of template injection, these can sometimes be bypassed.

There are many types of Template Injection, which can occur in different template engines, including:

  • Server-side Template Injection (SSTI)

  • AngularJS Template Injection

  • Jinja2 Template Injection

  • Twig Template Injection

  • Freemarker Template Injection

  • Django Template Injection

Detection

${3*3}
${3*'3'}
${{3*3}}
#{3*3}
*{3*3}
{{3*3}}
<%= 3*3 %>
PreviousBlind XXENextServer-side template injection

Last updated 1 year ago

Was this helpful?