SSTI and Insecure Deserialization improvements based on the new version of my research by vladko312 · Pull Request #820 · swisskyrepo/PayloadsAllTheThings

vladko312 · 2026-02-22T18:29:26Z

SSTI:

Added Elixir/EEx payloads
Added OGNL payloads
Clarified SpEL payloads and details
Fixed PHP Error-Based payloads
Added Twig Error-Based payload for CVE-2022-23614
Insecure Deserialization:
Improved Python payloads

- Added Elixir/EEx payloads - Added OGNL payloads - Clarified SpEL payloads and details - Fixed PHP Error-Based payloads - Added Twig Error-Based payload for CVE-2022-23614 Insecure Deserialization: - Improved Python payloads

Removed note about platform-specific payloads and added information on creating a universal payload using eval.

Updated the title and provided a brief overview of Server-Side Template Injection in Elixir.

vladko312 · 2026-03-02T17:18:05Z

@swisskyrepo Why was Elixir SSTI page renamed to Elixir deserialization? The only changes for insecure deserialization were regarding python payloads

swisskyrepo · 2026-03-02T17:26:34Z

@swisskyrepo Why was Elixir SSTI page renamed to Elixir deserialization? The only changes for insecure deserialization were regarding python payloads

Because I'm an idiot😅
It is fixed in d8e749c

SSTI:

dac5815

- Added Elixir/EEx payloads - Added OGNL payloads - Clarified SpEL payloads and details - Fixed PHP Error-Based payloads - Added Twig Error-Based payload for CVE-2022-23614 Insecure Deserialization: - Improved Python payloads

vladko312 changed the title ~~SSTI and Insecured Deserialization improvements based on the new version of my research~~ SSTI and Insecure Deserialization improvements based on the new version of my research Feb 22, 2026

swisskyrepo added 5 commits March 2, 2026 17:45

Update Python.md to clarify payload compatibility

f99fe06

Removed note about platform-specific payloads and added information on creating a universal payload using eval.

Change title to 'Elixir Deserialization' and update content

5c487ed

Updated the title and provided a brief overview of Server-Side Template Injection in Elixir.

Fix formatting for SpEL and OGNL examples in Java.md

3c063a8

Fix formatting issues in SpEL section of Java.md

3051fc8

Fix CI/CD markdown

b60551e

swisskyrepo merged commit 2e32d27 into swisskyrepo:master Mar 2, 2026
1 check failed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SSTI and Insecure Deserialization improvements based on the new version of my research#820

SSTI and Insecure Deserialization improvements based on the new version of my research#820
swisskyrepo merged 6 commits intoswisskyrepo:masterfrom
vladko312:master

vladko312 commented Feb 22, 2026

Uh oh!

Uh oh!

vladko312 commented Mar 2, 2026

Uh oh!

swisskyrepo commented Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

vladko312 commented Feb 22, 2026

Uh oh!

Uh oh!

vladko312 commented Mar 2, 2026

Uh oh!

swisskyrepo commented Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants