# SSTI

[Got RCE in 2 minutes via SSTI, \~waybackurls http://target.com | qsreplace "daman{{9\*9}}" > fuzz.txt \~ffuf -u FUZZ -w fuzz.txt -replay-proxy http://127.0.0.1:8080/ (captured requests in burp) searched: daman81 in burp, got 43 results from 1266 requests, noiicee](https://twitter.com/MrDamanSingh/status/1317042176337932291?s=20)

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEL2vnqM-3RQhgqbId%2F-MWELgz3ZctAOGTgNgZi%2Fimage.png?alt=media\&token=edf7ce22-ba84-4439-a936-85cdfd7a0797)

{% embed url="https://gosecure.github.io/template-injection-workshop/#0" %}

{% embed url="https://twitter.com/alamlearnN/status/1441946293824196612?s=20" %}

{% embed url="https://twitter.com/luca_dd7/status/1407352653793923074?s=20" %}
