Is your company secure? Contact us today - SecQuest can help

Server Side Template Injection


Introduction: In recent years web technologies have come a long way, companies are moving away from traditional frameworks and exploring new web based technology, insert templating engines. Templating engines used for web development is nothing new my any means, but as the complexity of web applications continue to grow, so does the engines behind them, insert template injection. This vulnerability has been around for some years at some capacity within engines such as Twig and Freemarker. However this article will focus on the potential impact within Flask which utilises the Jinja2 templating engine. Template injection most commonly occurs when data is improperly handled and processed by the templating engine, due to this, it can go undetected unless specifically tested for due to warning signs being similar to Cross Site Scripting Vulnerabilities...

Click on the .pdf link to the article below to read the full article. 

Read More