WebsitesVulnerableToSSTI

Simple websites vulnerable to Server Side Template Injections (SSTI)

Overview

The Vulnerable Websites project provides a collection of simple websites designed to help users learn how to exploit Server Side Template Injections (SSTI). It can also be used to test automated vulnerability scanning tools. Note that some of the servers may not be working.

Features

  • Engine: The project includes a list of servers with different template engines, such as Jinja2, Mako, Tornado, Django, Smarty, Smarty (secure mode), Twig, FreeMarker, Velocity, Thymeleaf, Groovy, Jade, Nunjucks, doT, Marko, Dust, EJS, and Vue.js.
  • Language: The vulnerable servers are built using various programming languages, including Python, PHP, Java, and JavaScript.
  • Burp and ZAP Support: The servers are compatible with Burp and ZAP, two popular security testing tools.
  • Template Injection: Each server demonstrates server-side template injection vulnerabilities and provides examples of their exploitation.
  • Known Exploits: Some of the servers have known exploits that can be used to test their security.

Summary

The Vulnerable Websites project is a collection of simple websites aimed at helping users understand and exploit Server Side Template Injections (SSTI). It provides a variety of servers with different template engines and is compatible with popular security testing tools such as Burp and ZAP. While some servers may not be working, the project offers known exploits and examples for users to explore.