0xsh logo

Pentest Reference: Server Side Template Injection (SSTI)

Published Feb 17, 2022

Contents

  • References

References

  • Portswigger: Server Side Template Injection
  • $10,000 bounty in Shopify - Server Side Template Injection in Return Magic email templates?
  • RCE in Hubspot with EL injection in HubL
  • YAHOO! RCE via Spring Engine SSTI
  • Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 | CVE-2018-14716
  • Frappé Technologies ERPNext Server Side Template Injection
© 2023 0xsh
twitter/github