Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handlebars issues. #13

Open
sectroyer opened this issue May 18, 2023 · 1 comment
Open

Handlebars issues. #13

sectroyer opened this issue May 18, 2023 · 1 comment
Labels
delayed The issue will be fixed with a big update later template engine A template engine to add

Comments

@sectroyer
Copy link

I was testing SSTImap with PortSwiggers Server-side template injection in an unknown language with a documented exploit (https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit) lab and noticed some issues. First of all Handlebars engine was detected as Dust but it might because both are nodejs based. Second issue there was no cmd/shell support for this plugin. I tried using tpl-shell but only got some exception.
@vladko312
Copy link
Owner

Handlebars is not supported by SSTImap yet, so it can cause incorrect detections.
tpl-shell might work, if you write Handlebars code in it according to the detected context.
I will probably add Handlebars soon, but I need to do some research for that.

@vladko312 vladko312 added template engine A template engine to add delayed The issue will be fixed with a big update later labels May 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
delayed The issue will be fixed with a big update later template engine A template engine to add
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sectroyer @vladko312