Security Knowledge Framework

Server Side Template Injection (SSTI)

  • Python - Server Side Template Injection (SSTI)
  • Java - Server Side Template Injection (SSTI)

Last updated 2 years ago
