As we saw, SSTI can affect a large number of applications: any application that builds a template from user input is exposed, whatever the language or template engine. To conclude, the main points are:
- This bug is critical. In most engines the impact is remote code execution (RCE) on the affected server, and a compromised server can then be used as a pivot to attack other hosts on the same network.
- An SSTI in a single application therefore exposes the application itself, the web server it runs on, and the network behind it.
- To look for SSTI, submit input that a template engine would evaluate rather than echo, such as `{{7*7}}`, `${7*7}` or `<%= 7*7 %>`, and compare the response with the raw input. If the output contains the evaluated result (49) instead of the probe, try harder: identify the engine from the syntax it accepts and escalate from arithmetic to object access and code execution.
- I recommend reading James Kettle's white paper on SSTI: https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
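As an added example that is not part of the original article, the following Python script turns the detection step above into code: it sends one arithmetic probe per template-syntax family and treats a probe as evaluated only when the product appears in the response and the raw probe text does not (an echoed probe means the input was handled as data). The target is a constructed stand-in template engine, not Jinja2 or any real engine, so the script runs offline; `vulnerable_greeting` concatenates user input into the template source, while `safe_greeting` passes it in as a context variable. The function names, probe families and operand values are all assumptions made for this demo.

```python
"""Probe a rendering endpoint for server-side template injection (SSTI).

Constructed example: the "engine" below is a tiny stand-in so the script
runs offline. The detector itself is engine-agnostic: it only needs a
callable that takes attacker-controlled text and returns the rendered page.
"""
import ast
import operator
import re
from typing import Callable, Optional

# ---- stand-in template engine (constructed for the demo, not a real one) ---
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def _eval_expr(src: str, ctx: dict):
    """Evaluate a small arithmetic/variable expression via the AST."""
    def walk(node):
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name):
            return ctx[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"unsupported expression: {src}")
    return walk(ast.parse(src, mode="eval").body)


def render(template: str, **ctx) -> str:
    """Expand every {{ expr }} in the template source, once, left to right."""
    return re.sub(r"\{\{(.*?)\}\}",
                  lambda m: str(_eval_expr(m.group(1).strip(), ctx)),
                  template)


def vulnerable_greeting(name: str) -> str:
    """Vulnerable pattern: user input becomes part of the template SOURCE."""
    return render("Hello " + name + "!")


def safe_greeting(name: str) -> str:
    """Hardened pattern: the template is constant; user input is only data."""
    return render("Hello {{ name }}!", name=name)


# ---- detector --------------------------------------------------------------
# Operands are chosen so the product is unlikely to appear in a page by
# accident; a bare "49" from {{7*7}} can easily be a false positive.
A, B = 1337, 7331
PRODUCT = str(A * B)  # "9801547"

# One probe per syntax family (assumed mapping of syntax to engines).
PROBES = {
    "jinja2/twig/nunjucks": "{{%d*%d}}" % (A, B),
    "freemarker/velocity/mako": "${%d*%d}" % (A, B),
    "erb": "<%%= %d*%d %%>" % (A, B),
    "smarty": "{%d*%d}" % (A, B),
}


def detect_ssti(render_fn: Callable[[str], str]) -> Optional[str]:
    """Return the syntax family whose probe was evaluated, or None.

    A probe counts as evaluated only if the product is present AND the raw
    probe is absent: an echoed probe means the input was treated as data.
    """
    for family, probe in PROBES.items():
        try:
            out = render_fn(probe)
        except Exception:
            # A server error is itself a hint that the probe reached a
            # parser, but it is not proof of evaluation; keep probing.
            continue
        if PRODUCT in out and probe not in out:
            return family
    return None


if __name__ == "__main__":
    for label, fn in (("vulnerable", vulnerable_greeting),
                      ("safe", safe_greeting)):
        print(f"{label:10s} -> evaluated probe: {detect_ssti(fn)}")
```

Against a real target, `render_fn` would wrap an HTTP request and return the response body; the rest of the detector stays the same. Once a family is confirmed, Kettle's paper describes how to tell engines within a family apart (for example `{{7*'7'}}` renders differently in Jinja2 and Twig) before moving on to exploitation.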