Commit
Update README.md
0xc7m committed Aug 2, 2022
1 parent 6cfcbf1 commit d36c82c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion README.md
@@ -1,17 +1,19 @@
# JAVA_SSTI

JAVA_SSTI.py assists the exploitation of Server-Side Template Injection vulnerabilities in JAVA.
JAVA_SSTI.py assists the exploitation of Server-Side Template Injection vulnerabilities in java.
The tool and its test suite are developed to research the SSTI vulnerability class and to be used as offensive security tool during web application penetration tests.

What is server-side template injection?
A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side.
Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks can occur when user input is concatenated directly into a template, rather than passed in as data. This allows attackers to inject arbitrary template directives in order to manipulate the template engine, often enabling them to take complete control of the server.

### Usage options:
```Bash
eval Command for obfuscation, for example: 'cat /etc/passwd'
optional arguments:
-h, --help show help message
-v, --verbose increase verbosity
```

### Example:
```Bash
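Review bot: The changed description line now ends "vulnerabilities in java.", which lowercases a proper noun; the language name is "Java", and the heading and script name keep the uppercase JAVA_SSTI, so the README ends up with two casings. Suggest "vulnerabilities in Java." In the following line, "to be used as offensive security tool" is missing its article ("as an offensive security tool"). The line "What is server-side template injection?" is plain text while the later sections ("Usage options:", "Example:") use "###" headings, so it should be a heading as well. The usage fence is tagged Bash but holds help output rather than shell commands; a plain text fence would describe it more accurately.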
