
Injection: SSTI (Server-Side Template Injection)

Identifier: ssti

Scanner(s) Support

  • GraphQL Scanner
  • REST Scanner
  • WebApp Scanner
  • ASM Scanner

Description

Server-Side Template Injection vulnerabilities occur when attackers can inject template code that is processed by server-side template engines, potentially allowing system command execution, sensitive data access, or server compromise.

How we test: We inject template injection payloads specific to various template engines into request parameters and analyze responses to detect if template code is executed. We test for template syntax recognition, code execution, and information disclosure across different template engines.
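As an added illustration (not the scanner's own code), the condition this test looks for, modelled with a deliberately minimal template engine constructed here: the vulnerable handler splices user input into the template source, the hardened handler passes it only as context data, and `classify` triages a probe response the way a scanner does. The engine, both `greet_*` handlers and `classify` are assumptions made for this example.

```python
import re

# Constructed stand-in for a real template engine: anything inside {{ ... }}
# is evaluated as a Python expression against the supplied context. Real
# engines (Jinja2, Twig, Freemarker, ...) do the same, which is why placing
# user input in the template SOURCE lets the user run engine code.
EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}")


def render(template: str, context: dict) -> str:
    """Evaluate every {{ expr }} in the template source (the engine's job)."""
    def evaluate(match: re.Match) -> str:
        # builtins are stripped only to keep this toy self-contained; real
        # engines expose far more, which is how SSTI escalates to the OS
        return str(eval(match.group(1), {"__builtins__": {}}, dict(context)))
    # a single pass over the source: substituted VALUES are never re-parsed
    return EXPR.sub(evaluate, template)


def greet_vulnerable(name: str) -> str:
    """Vulnerable: user input becomes part of the template source, so the
    engine parses and executes whatever template syntax the user sent."""
    return render("Hello " + name + "!", {})


def greet_safe(name: str) -> str:
    """Hardened: the template source is a fixed, developer-controlled string
    and user input enters only as data bound to a variable."""
    return render("Hello {{ name }}!", {"name": name})


def classify(payload: str, expected: str, body: str) -> str:
    """Triage one probe response: the raw payload echoed back means it was
    treated as data ("reflected"); only the evaluated result appearing means
    the engine executed it ("executed"); neither means no reflection at all.
    Pick `expected` values unlikely to occur in the page by chance."""
    if payload in body:
        return "reflected"
    if expected in body:
        return "executed"
    return "absent"


if __name__ == "__main__":
    probe = "{{7*7}}"
    for handler in (greet_vulnerable, greet_safe):
        body = handler(probe)
        print(handler.__name__, "->", repr(body), classify(probe, "49", body))
```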

Execution conditions (BLST):

  • Runs when this test is enabled, arguments are present, the response is non-empty, and coverage is OK, VALIDATION_ERROR, or SERVER_ERROR.

References:

Configuration

Example

Example configuration:

---
security_tests:
  ssti:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.