Skip to content

Commit

Permalink
v41 and stable tweaks
Browse files Browse the repository at this point in the history 
- Add v4.1 PDF to download tab.
- Add raw code tags to SSTI pages so that they render properly.

```text
    Liquid Warning: Liquid syntax error (line 48): Unexpected character
* in "{{7*7}}" in
v40/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md
    Liquid Warning: Liquid syntax error (line 68): Unexpected character
* in "{{7*7}}" in
v40/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md
```

Signed-off-by: kingthorin <[email protected]>
  • Loading branch information
@kingthorin
kingthorin committed Apr 21, 2020
1 parent d099a28 commit 8f5991b
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 0 deletions.
4 changes: 4 additions & 0 deletions ...ng/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,10 +51,12 @@ def page():

This code snippet is vulnerable to XSS but it is also vulnerable to SSTI. Using the following as a payload in the `name` parameter:

{% raw %}
```bash
$ curl -g 'http://www.target.com/page?name={{7*7}}'
Hello 49!
```
{% endraw %}

## How to Test

Expand All @@ -70,11 +72,13 @@ The first step in testing SSTI in plaintext context is to construct common templ

Common template expression examples:

{% raw %}
```html
a{{bar}}b
a{{7*7}}
{var} ${var} {{var}} <%var%> [% var %]
```
{% endraw %}

In this step an extensive [template expression test strings/payloads list](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection) is recommended.

Expand Down
2 changes: 2 additions & 0 deletions tab_downloads.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ View the always-current stable version at [stable](stable/).

[Version 4.1](v41/) serves as a post-migration stable version under the new GitHub repository workflow.

[Download the v4.1 PDF](https://github.com/OWASP/wstg/releases/download/v4.1/wstg-v4.1.pdf) here.

## [Version 4.0] - 2014-09-17

[Download the v4 PDF](assets/archive/OWASP_Testing_Guide_v4.pdf) here.
Expand Down
4 changes: 4 additions & 0 deletions ...ng/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,10 +51,12 @@ def page():

This code snippet is vulnerable to XSS but it is also vulnerable to SSTI. Using the following as a payload in the `name` parameter:

{% raw %}
```bash
$ curl -g 'http://www.target.com/page?name={{7*7}}'
Hello 49!
```
{% endraw %}

## How to Test

Expand All @@ -70,11 +72,13 @@ The first step in testing SSTI in plaintext context is to construct common templ

Common template expression examples:

{% raw %}
```html
a{{bar}}b
a{{7*7}}
{var} ${var} {{var}} <%var%> [% var %]
```
{% endraw %}

In this step an extensive [template expression test strings/payloads list](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection) is recommended.

Expand Down

0 comments on commit 8f5991b

Please sign in to comment.