Injection: SSTI (Server-Side Template Injection)¶

Identifier: ssti

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Server-Side Template Injection vulnerabilities occur when attackers can inject template code that is processed by server-side template engines, potentially allowing system command execution, sensitive data access, or server compromise.

How we test: We inject template injection payloads specific to various template engines into request parameters and analyze responses to detect if template code is executed. We test for template syntax recognition, code execution, and information disclosure across different template engines.

Prerequisites:

The target must expose request parameters that can be safely tested.
Response analysis requires non-empty responses that can be compared against baseline behavior.

References:

https://portswigger.net/web-security/server-side-template-injection

Configuration¶

Example¶

Example configuration:

---
security_tests:
  ssti:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.