Exploit template injection flaws
offensive-sstiskillsetup L2★2,144
SnailSploit/Claude-Red ↗What it does
Exploit SSTI for remote code execution
Best for
RCE via template injection on Jinja2, ERB, and Handlebars endpoints
Inputs
- · target_endpoint (template render)
- · ssti_payload (jinja2, erb, handlebars)
Outputs
- · code_execution_proof ({{7*7}}=49, {{config}}, command output)
Requires
- · HTTP client
- · SSTI payload library
Preconditions
SSTI endpoint confirmed, template engine identified, permission to inject
Failure modes
- · Sandbox prevents payload execution
- · WAF filters common {{}} patterns
- · Template syntax varies by engine (ERB vs Jinja2)
- · Blind SSTI requires OOB channel
Trust signals
- · Engine-specific payloads ({{7*7}} for Jinja2, <%= system() %> for ERB)
- · Sandbox escape techniques documented
- · Data exfiltration via error messages