Server-Side Template Injection

Description

Web applications often rely on template engines to manage the dynamic generation of the HTML pages presented to their users. A Server-Side Template Injection (SSTI) vulnerability exists when an application embeds unsafe user-controlled input in its templates and then evaluates them, so that the input is treated as template code rather than as data. By injecting a payload specific to the template engine used by the application, an attacker can leverage this vulnerability to gain access to sensitive information or to achieve remote code execution.
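The distinction between "input as template" and "input as data" is the whole bug. The following is an added illustration, not Tenable's code, using Python's standard-library string.Template as a stand-in for a real engine (an assumption: it only substitutes placeholders, whereas engines that evaluate expressions extend the same mistake to code execution); the context dictionary is constructed sample data.

```python
from string import Template

# Constructed sample of what a view hands to its template engine: the "secret"
# stands in for any server-side value that should never reach the page.
CONTEXT = {"name": "guest", "secret": "api-key-placeholder-0000"}


def render_unsafe(user_input: str, context: dict) -> str:
    """Vulnerable pattern: the user-controlled string becomes part of the
    template, so any placeholder it carries is resolved against the
    server-side context."""
    return Template("Hello " + user_input).safe_substitute(context)


def render_safe(user_input: str, context: dict) -> str:
    """Hardened pattern: the template is a fixed string written by the
    developer; user input is passed only as data, so placeholders inside it
    are never evaluated."""
    return Template("Hello $name").safe_substitute(context, name=user_input)


if __name__ == "__main__":
    probe = "$secret"  # a placeholder-shaped value arriving from the client
    print("unsafe:", render_unsafe(probe, CONTEXT))  # leaks the secret
    print("safe:  ", render_safe(probe, CONTEXT))    # prints the literal text
```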

Products, Sensors, and Dependencies

| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| Tenable Web App Scanning | | Web Applications | Authenticated Scan | HTTP/HTTPS | Server-Side Template Injection | Plugin ID: 112614 |

References

Server-Side Template Injection

Attack Path Technique Details

Framework: OWASP

Family: Injection

Platform: Web Application

Products Required: Tenable Web App Scanning

Tenable Release Date: 2022 Q2