SSTI in Flask and Jinja
Fuzzes the request body and query parameters with a template-expression payload to test for Server-Side Template Injection.
Server Side Template Injection (SSTI)
How this template works
APIs Selection
The template uses regular expressions to match any request payload or query parameter key. It extracts the matched key and assigns it to the variables "payloadKey" and "queryKey" respectively.
Execute request
The template modifies the query parameter "queryKey" by injecting the value "%24%7B%277%27%20*%207%7D", which is the URL-encoded form of the expression "${'7' * 7}". It also modifies the request body parameter "payloadKey" by injecting the value "${'7'*7}". These modifications test for Server-Side Template Injection vulnerabilities.
Validation
The template validates the response payload by checking whether it contains the string "7777777". If it does, the injected expression was evaluated on the server, which indicates successful exploitation of the Server-Side Template Injection vulnerability.
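The three stages above, sketched in Python as an added example (not Akto's template or code). The function names and the baseline and reflection checks in classify() are assumptions that go beyond the page's plain substring test, and the sample request and responses are constructed.

```python
import re
from urllib.parse import parse_qsl, quote, unquote

BODY_PROBE = "${'7'*7}"                    # body value, as given on the page
QUERY_PROBE = "%24%7B%277%27%20*%207%7D"   # query value, as given on the page
MARKER = "7777777"                         # string the validation step looks for
KEY_PATTERN = re.compile(r".*")            # "any key", as the page describes


def first_key(keys):
    """Return the first key matching KEY_PATTERN (queryKey / payloadKey)."""
    return next((k for k in keys if KEY_PATTERN.fullmatch(k)), None)


def mutate(query, body):
    """Inject the probes into one query parameter and one body field."""
    pairs = parse_qsl(query, keep_blank_values=True)
    query_key = first_key(k for k, _ in pairs)
    payload_key = first_key(body)
    # QUERY_PROBE is already percent-encoded, so it is inserted verbatim.
    new_query = "&".join(
        f"{quote(k)}={QUERY_PROBE if k == query_key else quote(v)}"
        for k, v in pairs
    )
    new_body = {k: (BODY_PROBE if k == payload_key else v)
                for k, v in body.items()}
    return new_query, new_body


def classify(baseline, probed):
    """Interpret the probed response, using the unmodified one as a control."""
    if MARKER in baseline:
        return "inconclusive"  # marker present even without the probe
    if MARKER in probed:
        return "evaluated"     # expression was executed server-side
    if BODY_PROBE in probed or unquote(QUERY_PROBE) in probed:
        return "reflected"     # echoed back as text, not evaluated
    return "clean"


if __name__ == "__main__":
    # Constructed request and responses, for illustration only.
    print(mutate("name=alice&page=2", {"comment": "hi", "id": 5}))
    print(classify("Hello alice", "Hello 7777777"))
```

Because the marker string does not occur in the payload itself, a response that merely echoes the input is reported as "reflected" rather than "evaluated".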