snoopysecurity / dvws-node

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.
GNU General Public License v3.0
442 stars 173 forks

Not an Issue - Add SSTI to your Solutions Wiki #37

Closed gromhacks closed 1 year ago

gromhacks commented 1 year ago

@snoopysecurity first things first, I want you to know that this application is pretty awesome!

Secondly, I wanted to point out that you actually have a stored "Client Side SSTI" issue when you create a user with the following payload as their username {{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}.

I figured you could add this to your wiki located at https://github.com/snoopysecurity/dvws-node/wiki .

Cheers, GromHacks
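A defensive sketch for the stored username issue reported above, added here as an example; it is not part of the original thread and is not dvws-node's code. It rejects template syntax at registration with an allowlist and audits names that were stored before such a check existed. Assumptions: the client renders names through an AngularJS-style `{{ }}` template, and the record fields `id` and `username`, the allowlist policy and the marker list are hypothetical.

```javascript
// Added example, not dvws-node code. Record shape and policy are assumptions.
const USERNAME_ALLOWLIST = /^[A-Za-z0-9_.-]{3,32}$/;

// Markers of template-expression syntax, as opposed to a plain name.
const TEMPLATE_MARKERS = [
  { name: 'interpolation-open', re: /\{\{/ },
  { name: 'interpolation-close', re: /\}\}/ },
  { name: 'scope-method', re: /\$(eval|apply|watch)\b/ },
  { name: 'constructor-access', re: /\bconstructor\b/ },
];

// Write-time check: allowlist the permitted characters instead of
// trying to blocklist every dangerous one.
function validateUsername(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  if (!USERNAME_ALLOWLIST.test(input)) return { ok: false, reason: 'outside-allowlist' };
  return { ok: true, value: input };
}

// Audit of already-stored names. NFKC folding catches full-width braces
// that a later layer might normalise back into '{{' and '}}'.
function auditStoredUsernames(records) {
  const findings = [];
  for (const { id, username } of records) {
    const folded = String(username).normalize('NFKC');
    const hits = TEMPLATE_MARKERS.filter((m) => m.re.test(folded)).map((m) => m.name);
    if (hits.length > 0) findings.push({ id, hits });
  }
  return findings;
}

// Constructed sample records; id 2 is the username quoted in the report above.
const sampleRecords = [
  { id: 1, username: 'alice_01' },
  { id: 2, username: "{{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}" },
  { id: 3, username: '\uFF5B\uFF5Bx\uFF5D\uFF5D' },
  { id: 4, username: 'bob.smith' },
];

console.log(JSON.stringify(auditStoredUsernames(sampleRecords)));
```

Input validation does not replace the output-side fix: user-controlled values should reach the page through a text binding or inside an `ng-non-bindable` element so the template engine never compiles them.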

snoopysecurity commented 1 year ago

Thanks for raising this, indeed I was missing this issue. Added https://github.com/snoopysecurity/dvws-node/wiki/Client-Side-Template-Injection-(CSTI)

gromhacks commented 1 year ago

Sweet! Happy Holidays. I'll let you know if I find any other hidden gems.

On Wed, Dec 21, 2022 at 3:53 PM Sam Sanoop @.***> wrote:

Thanks for raising this, indeed I was missing this issue. Added https://github.com/snoopysecurity/dvws-node/wiki/Client-Side-Template-Injection-(CSTI)
