Update client-side-template-injection-csti.md
This commit is contained in:
parent
85e74a98f3
commit
7771bee6c0
|
@ -19,7 +19,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|||
|
||||
# Summary
|
||||
|
||||
It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you the **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim.
|
||||
It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you to **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim.
|
||||
|
||||
The way to **test** for this vulnerability is very **similar** as in the case of **SSTI**, the interpreter is going to expect something to execute **between doubles keys** and will execute it. For example using something like: `{{ 7-7 }}` if the server is **vulnerable** you will see a `0` and if not you will see the original: `{{ 7-7 }}`
|
||||
|
||||
|
|
Loading…
Reference in New Issue