# SSTI

[Got RCE in 2 minutes via SSTI, \~waybackurls http://target.com | qsreplace "daman{{9\*9}}" > fuzz.txt \~ffuf -u FUZZ -w fuzz.txt -replay-proxy http://127.0.0.1:8080/ (captured requests in burp) searched: daman81 in burp, got 43 results from 1266 requests, noiicee](https://twitter.com/MrDamanSingh/status/1317042176337932291?s=20)

<https://gosecure.github.io/template-injection-workshop/#0>

<https://twitter.com/alamlearnN/status/1441946293824196612?s=20>

<https://twitter.com/luca_dd7/status/1407352653793923074?s=20>
