Http Ssti In Query Params
Description
This detector identifies Server-Side Template Injection (SSTI) vulnerabilities in web applications by testing query parameters with template engine payloads. SSTI occurs when user input is unsafely embedded into server-side templates, allowing attackers to execute arbitrary code on the server and potentially gain full system control.
Detection Strategy
• Extracts all query parameters from the target URL
• Tests each parameter individually by injecting template engine payloads (e.g., {{7*7}}, ${7*7}) that should evaluate to specific values
• Makes HTTP requests with the mutated URLs containing the payloads
• Compares response content against the original baseline response
• Reports a vulnerability when ALL payloads for a parameter return responses containing the expected evaluation results (markers) that were not present in the original response
• Requires consistent successful payload execution across multiple template injection attempts to confirm the vulnerability
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.