server-side template injection (ssti)
Server-side template injection (SSTI) refers to a security vulnerability where an attacker can inject malicious code into templates used by a server to dynamically generate web content. This can allow the attacker to execute arbitrary commands, access sensitive server-side data, or perform other unauthorized actions.
Requires login.
Related Concepts (14)
- code injection vulnerabilities
- cross-site scripting (xss)
- dynamic web application framework
- html injection
- input validation
- process injection
- remote code execution (rce)
- server-side code execution
- server-side rendering
- server-side request forgery (ssrf)
- template engines
- web application exploitation
- web application security
- web vulnerabilities
Similar Concepts
- client-side code injection
- cross-site script inclusion (xssi)
- javascript code injection
- script injection
- script injection attacks
- server side code injection
- server side request forgery (ssrf)
- server-side code injection
- server-side includes (ssi)
- server-side request forgery (ssrf) vulnerabilities
- server-side request smuggling (ssrs)
- server-side template injection
- server-side xml injection
- static application security testing (sast)
- template injection