New SSTI payloads for Error-Based and Boolean-Based techniques #812

Merged
swisskyrepo merged 6 commits into swisskyrepo:master from vladko312:master
Jan 3, 2026

@vladko312 commented Jan 3, 2026

SSI:

  • Added SSTImap to the tools, as it now supports SSI detection and exploitation

SSTI:

  • Added description for known detection and exploitation techniques
  • Added payloads for universal detection
  • Added universal payloads for different languages
  • Added Error-Based and Boolean-Based payloads
  • Moved SpEL payloads using T() to the correct category
  • Moved Pug payloads to the correct language and updated info to reflect the actual name

- Added SSTImap to the tools, as it now supports SSI detection and exploitation
SSTI:
- Added description for known detection and exploitation techniques
- Added payloads for universal detection
- Added universal payloads for different languages
- Added Error-Based and Boolean-Based payloads
- Moved SpEL payloads using `T()` to the correct category
- Moved Pug payloads to the correct language and updated info to reflect the actual name
- Fixed NodeJS payloads
@vladko312
Contributor Author

Should I resolve conflicts now?

@swisskyrepo
Owner

Yes, if you can that would be great :)

@vladko312
Contributor Author

Done

@vladko312
Contributor Author

Should I fix the Markdown problems?

If so, how should I specify the language for universal detection payloads?

@swisskyrepo
Owner

Yes you can.
For universal I use the PowerShell language because it highlights most of the special characters.
Once the markdown linting is resolved I will merge this PR :)

- Improved MarkDown
@vladko312
Contributor Author

Done

- Fixed NodeJS payloads
@vladko312
Contributor Author

Removed implicit type conversions, just in case

@swisskyrepo swisskyrepo merged commit a711494 into swisskyrepo:master Jan 3, 2026
1 check passed
@swisskyrepo
Owner

Perfect, let's get this merged!
Thank you for your contribution 👍

@dplpopote left a comment

Ok
