How this template works
APIs Selection
The template uses regular expressions that match any request payload key or query parameter key. It extracts the matched keys and assigns them to the variables "payloadKey" and "queryKey" respectively.
Execute request
The template modifies the query parameter "queryKey" by injecting the value "%24%7B%277%27%20*%207%7D", which represents the expression "${'7'*7}". It also modifies the request body parameter "payloadKey" by injecting the value "${'7'*7}". These modifications aim to test for Server-Side Template Injection vulnerabilities.
Validation
The template validates the response payload by checking whether it contains the string "7777777", which is the result of evaluating the injected expression. If the response payload contains this string, the server evaluated the expression, which indicates successful exploitation of the Server-Side Template Injection vulnerability.
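The three steps above as a small offline Python sketch, added here for illustration; it is not Akto's template or code. The helper names and the sample request and responses are constructed, and the baseline comparison in `verdict` is an assumption that goes beyond the page's plain contains check.

```python
import re
from urllib.parse import quote

BODY_PROBE = "${'7'*7}"                      # body value quoted on the page
QUERY_PROBE = quote("${'7' * 7}", safe="*")  # equals the page's encoded query value
MARKER = "7777777"                           # string the validation step searches for

def first_key(params, pattern=r".*"):
    """Return the first parameter name matching the pattern, or None."""
    return next((k for k in params if re.fullmatch(pattern, k)), None)

def build_probe(query, body):
    """Copy the request and place the probe in one query key and one body key."""
    q, b = dict(query), dict(body)
    query_key, payload_key = first_key(q), first_key(b)
    if query_key is not None:
        q[query_key] = QUERY_PROBE           # already percent-encoded, send as-is
    if payload_key is not None:
        b[payload_key] = BODY_PROBE
    return q, b

def verdict(baseline_text, probed_text):
    """Classify a probed response against the unmodified (baseline) response."""
    if probed_text.count(MARKER) > baseline_text.count(MARKER):
        return "evaluated"       # marker appeared only after the probe was sent
    if MARKER in probed_text:
        return "inconclusive"    # marker was already part of normal output
    return "not_evaluated"       # probe was ignored or echoed back literally

# Constructed sample request and responses (not captured traffic).
SAMPLE_QUERY = {"name": "alice"}
SAMPLE_BODY = {"comment": "hello"}
BASELINE = '{"greeting": "Hello alice", "order": "A-100"}'
ECHOED = '{"greeting": "Hello ${\'7\' * 7}", "order": "A-100"}'
RENDERED = '{"greeting": "Hello 7777777", "order": "A-100"}'
NOISY_BASELINE = '{"greeting": "Hello alice", "order": "7777777"}'

if __name__ == "__main__":
    print(build_probe(SAMPLE_QUERY, SAMPLE_BODY))
    cases = [(BASELINE, ECHOED), (BASELINE, RENDERED), (NOISY_BASELINE, NOISY_BASELINE)]
    for base, resp in cases:
        print(verdict(base, resp))
```

The "inconclusive" case covers an endpoint whose normal output already contains "7777777" (an order number, for instance), where a contains check alone would report a finding.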
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."
Security team,
Rippling