Server-side Template Injection - Learning section
The Portswigger Web Academy
Before you start
- In the Portswigger Web Academy you'll find the theoretical information and explanation, then you'll find a challenge, make sure to understand the information before you start the challenge.
- The theoretical information is such important as the challenge or practical part.
- Take your notes they are very important.
- Try to do everything by yourself, but remember that we are learning so feel free to see the solution and follow it, you'll learn a lot
- Google is your friend.
Link: Server-side template injection - Portswigger
After the activity
You now know:
- What is server-side template injection.
- The impact of server-side template injection.
- How do server-side template injection vulnerabilities arise.
- How to construct a server-side template injection attack.
- Detect, identify and exploit a server-side template injection attack.
- Look for information in the language documentation.
- Look for known exploits.
- Create a custom attack.
PayloadAllTheThings
Here in this site you'll find some useful payloads and a brief explanation of how it works, so make sure to have a look at it.
Also you can use this site and try the payloads in it when you are facing a challenge.
Here is the link: PayloadAllTheThings - Templates Injections