Question

It’s time to find your first template injection vulnerability by following the steps we discussed in this chapter:

是时候按照本章节讨论的步骤，找到你的第一个模板注入漏洞了。

1. Identify any opportunity to submit user input to the application. Mark down candidates of template injection for further inspection.
2. Detect template injection by submitting test payloads. You can use either payloads that are designed to induce errors, or engine-specific payloads designed to be evaluated by the template engine.
3. If you find an endpoint that is vulnerable to template injection, determine the template engine in use. This will help you build an exploit specific to the template engine.
4. Research the template engine and programming language that the target is using to construct an exploit.
5. Try to escalate the vulnerability to arbitrary command execution.
6. Create a proof of concept that does not harm the targeted system. A good way to do this is to execute touch template_injection_by_ YOUR_NAME .txt to create a specific proof-of-concept file.
7. Draft your first template injection report and send it to the organization!