Server-Side Template Injection

Key Information on the Vulnerability

Definition:
- Server-side template injection happens when an attacker uses the template engine's native syntax to inject a malicious payload into a template, which is then executed server-side.

Impact:
- The impact can be catastrophic, potentially allowing remote code execution, complete server control, and execution of other attacks on internal infrastructure.

Causes:
- Vulnerabilities arise when user input is concatenated into templates instead of being passed in as data. This can be due to poor template design.

Detection Process:
1. Fuzzing: Inject a sequence of special characters commonly used in template expressions.
2. Context-Specific Probes: Test with context-specific payloads to confirm the template engine's reaction.

Exploitation Flow:
1. Detect: Fuzz the template with special characters.
2. Identify: Determine the template engine in use.
3. Exploit: Read, Explore, and Attack.

Prevention:
- Avoid allowing users to modify or submit new templates.
- Use a "logic-less" template engine that limits complex logic.
- Execute user code in a sandboxed environment.
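The following Python is an added illustration, not part of these notes and not tied to any real template engine: it uses a deliberately tiny, constructed engine (only `{{ a*b }}` arithmetic and `{{ var }}` substitution) to show the root cause from the Causes section (concatenating input into the template versus passing it as data) and a defensive self-check built on the arithmetic probe from the Detection section. The functions `render`, `greet_unsafe`, `greet_safe` and `probe_reveals_injection` are hypothetical names chosen for this example.

```python
import re

# Constructed toy engine: expands "{{ a*b }}" for integers, then substitutes
# "{{ name }}" from the context. Real engines are far richer, but this is
# enough to show why where the input enters matters.
EXPR = re.compile(r"\{\{\s*(\d+)\s*\*\s*(\d+)\s*\}\}")
VAR = re.compile(r"\{\{\s*([A-Za-z_]\w*)\s*\}\}")


def render(template: str, **context: str) -> str:
    """Evaluate template expressions first, then insert context values verbatim."""
    out = EXPR.sub(lambda m: str(int(m.group(1)) * int(m.group(2))), template)
    # Context values are data: they are inserted after expression evaluation and
    # are never re-parsed as template source, so template syntax in them is inert.
    return VAR.sub(lambda m: context.get(m.group(1), m.group(0)), out)


def greet_unsafe(user_input: str) -> str:
    # Vulnerable pattern from the notes: user input becomes part of the
    # template source, so the engine evaluates whatever syntax it contains.
    return render("Hello " + user_input + "!")


def greet_safe(user_input: str) -> str:
    # Fixed pattern: the template is a constant and user input is passed as data.
    return render("Hello {{ name }}!", name=user_input)


PROBE = "{{7*7}}"  # constructed detection probe: evaluated only if treated as template code


def probe_reveals_injection(render_page, probe: str = PROBE) -> bool:
    """Defensive regression check for a rendering path: send the probe through it
    and report True if the engine evaluated it (result present, literal absent)."""
    page = render_page(probe)
    return "49" in page and probe not in page


if __name__ == "__main__":
    print("unsafe:", greet_unsafe(PROBE))   # -> Hello 49!  (probe was evaluated)
    print("safe:  ", greet_safe(PROBE))     # -> Hello {{7*7}}!  (probe stayed data)
    print("unsafe path injectable:", probe_reveals_injection(greet_unsafe))
    print("safe path injectable:  ", probe_reveals_injection(greet_safe))
```

The same check can be pointed at an application's real rendering function as a unit test, so a future refactor that starts concatenating input into a template fails the build instead of reaching production.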