
Template Injecting: Cryptbb2gezhohku - Onion

The document discusses the difference between server-side template injecting (SSTI) and client-side template injecting (CSTI). SSTI payloads would be executed server-side and the response sent back, potentially leading to remote code execution. CSTI payloads are rendered in the browser through JavaScript and could be used for client-side exploits like HTML injection or XSS. To determine if a payload is SSTI or CSTI, one can check the raw HTTP response - if it contains the payload but the page shows the evaluated result, it is likely CSTI due to JavaScript modification on the client-side.

Uploaded by

Wane Stayblur

Template Injecting about:reader?url=http://cryptbb2gezhohku.onion/showthread.php?tid=1226

cryptbb2gezhohku.onion

Template Injecting

useruser • Junior Registered Posts:9 Joined:Dec 2019 Reputation: 0



How can you tell the difference between server-side and client-side template injecting?

I understand why server-side is a bigger issue than client-side, but how do we tell the difference?
Without knowing the template engine we cannot assume that because the payload does not work
that it is client-side.

Power • CryptBB Admin • Administrator Posts:1,638 Joined:May 2017 Founding Fathers

I assume you are referring to the standard SSTI payload: {{7*7}} which "results in 49 when
an attacker achieves SSTI".

This is obviously not always the case, as you rightfully pointed out. Sometimes it's CSTI!
CSTI will render the payload and also result in 49, depending again on the template
engine. Client-side template engines are in JavaScript. This means they run in the browser,
as opposed to server-side. This means that if you intercept the raw request, you can
detect whether or not it is SSTI by checking if "49" appears in the raw HTTP response.

If it shows {{7*7}} in the response, yet the page shows 49, then you know the JavaScript
is modifying it, in order to replace it with the 49.

1 of 2 3/23/2020, 7:26 AM

Posts:31 Joined:Aug 2019 Reputation: Tutorial Master

As Power mentioned,

SSTI would be executed server-side then rendered back to you; this might result in
remote code execution on the remote target,

while CSTI is rendered in your browser through JavaScript, but you could use it for client-side
exploits like HTML injection or XSS.
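
The raw-response check Power describes, written out as an added example that is not part of the original thread: it compares the response body as received with the page text after scripts have run, and reports where the expression was evaluated. The function names, the `zq1`/`zq2` markers around the probe and the sample responses are assumptions constructed for illustration.

```javascript
// Added example. classifyEvaluation, decodeEntities and the zq1/zq2 markers
// are assumed names; the sample responses below are constructed.

// Undo HTML entity encoding so an escaped reflection compares as literal text.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)))
    .replace(/&amp;/g, '&');
}

// rawBody: HTTP response body as received, before any script has run.
// domText: text of the page after the browser has run its JavaScript.
// The markers wrap the probe so an unrelated "49" on the page is not counted.
function classifyEvaluation({ probe, expected, rawBody, domText, pre = 'zq1', post = 'zq2' }) {
  const literal = pre + probe + post;
  const evaluated = pre + expected + post;
  const raw = decodeEntities(rawBody);
  const inDom = domText.includes(evaluated);

  if (raw.includes(evaluated)) return 'server-side';
  if (raw.includes(literal)) return inDom ? 'client-side' : 'reflected-not-evaluated';
  // Value is absent from this response: it may have arrived in a later request.
  return inDom ? 'inconclusive' : 'not-reflected';
}

const samples = {
  ssti: { rawBody: '<p>Hello zq149zq2</p>', domText: 'Hello zq149zq2' },
  csti: { rawBody: '<div id="app">Hello zq1{{7*7}}zq2</div>', domText: 'Hello zq149zq2' },
  escaped: {
    rawBody: '<p>Order 49: zq1&#123;&#123;7*7&#125;&#125;zq2</p>',
    domText: 'Order 49: zq1{{7*7}}zq2',
  },
  late: { rawBody: '<div id="app"></div>', domText: 'Hello zq149zq2' },
};

function classifySample(name) {
  return classifyEvaluation({ probe: '{{7*7}}', expected: '49', ...samples[name] });
}

for (const name of Object.keys(samples)) {
  console.log(name, '->', classifySample(name));
}
```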
