Active Test / Server-Side Template Injection

[DeliciousBounty]

Server-side template injection is a type of code injection that allows an attacker to execute malicious code on a web server by injecting template directives. By manipulating these directives, an attacker can gain access to sensitive data, execute arbitrary code, or even take control of the server.

Contributors are needed to help identify vulnerabilities that can be exploited using server-side template injection on a API.
More info:
https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection

[vibhuti019]

Hi I would like to know more about the issue and work on same.

[DeliciousBounty]

Hello @vibhuti019 !
Thank you for getting involved. In this check, we want to check if the API is vulnerable to Template Injection.
Our checks are based on the OpenAPI specification of the tested API.
If you have more questions, feel free to send me an email, or join us on Discord.
:)
Discord: https://discord.gg/rxW4Mk4N
email: nathan.s@blstsecurity.com

[DeliciousBounty]

Hi I would like to know more about the issue and work on same.

Hey @vibhuti019, do you have some updates?