ssti-server-side-template-injection


SKILL: Server-Side Template Injection (SSTI) — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert SSTI techniques. Covers polyglot detection probes, engine fingerprinting, Jinja2/FreeMarker/Twig/ERB RCE chains, client-side Angular SSTI, and bypass techniques. Base models often miss sandbox escape MRO chains and non-Jinja2 engines. For PHP CMS template eval, Jira SSTI, Confluence OGNL, and Spring Cloud Gateway SpEL, load the companion SCENARIOS.md.

0. RELATED ROUTING

Before moving to full engine-specific exploitation, start with the following:

  • First use the polyglot probe sequence at the top of this file for low-noise fingerprinting
  • expression-language-injection when ${7*7} or %{7*7} resolves in Java (SpEL/OGNL) — different attack surface from template engines

Extended Scenarios

Installs: 486
GitHub Stars: 620
First Seen: Apr 8, 2026