Abstract: Template engines play a pivotal role in modern web application development, facilitating the dynamic rendering of content, products, and user interfaces. Nowadays, template engines are essential in any website that deals with dynamic data, from e-commerce platforms to social media. However, their widespread use also makes them attractive targets for attackers seeking to exploit vulnerabilities and gain unauthorized access to web servers. This paper presents a comprehensive survey of template engines, focusing on their susceptibility to Remote Code Execution (RCE) attacks, a critical security concern in web application development.
What problem does this paper attempt to address?
The problem that this paper attempts to solve is the overlooked security threats faced by template engines in modern Web application development, especially their vulnerability to Server-Side Template Injection (SSTI) attacks, which can lead to Remote Code Execution (RCE). Specifically:
1. **Widespread Application and Security Risks of Template Engines**:
- Template engines play a crucial role in dynamic content rendering, product display, and user interface generation, and are widely used on websites such as e-commerce platforms and social media.
- Although template engines bring a great deal of convenience, their widespread use also makes them targets for attackers, who can exploit vulnerabilities to gain unauthorized access.
2. **SSTI and Its Consequences**:
- SSTI is an injection vulnerability that allows attackers to manipulate server-side template engines through malicious input and execute arbitrary code.
- SSTI can lead to several serious consequences:
  - **Information Leakage**: Exposure of server-side configuration files, source code, and other sensitive information.
  - **Unauthorized Access**: Attackers may gain access to restricted areas of the application or server.
  - **Denial-of-Service (DoS) Attacks**: Attackers launch DoS attacks through SSTI, interrupting normal service for legitimate users.
  - **Cross-Site Scripting (XSS) Attacks**: Attackers use SSTI to steal sensitive information from legitimate users.
  - **Remote Code Execution (RCE)**: This is the most dangerous situation, where attackers can execute arbitrary code on the server and fully control the server and its underlying systems.
3. **Deficiencies in Current Research**:
- Although research in recent years has mainly focused on the offense and defense of SSTI, the specific issue of RCE in template engines has not received sufficient attention.
- There is a lack of tools specifically for RCE evaluation and isolation, and future research needs to provide automated tools to detect and prevent RCE in template engines.
4. **Research Objectives**:
- This paper aims to comprehensively investigate the security of template engines, especially how they expose RCE risks in SSTI scenarios.
- By analyzing widely used template engines, it seeks to understand their potential security risks and to propose mitigation strategies and best practices that enhance the security of Web applications.
In summary, this paper focuses on the overlooked security risks in template engines, especially the RCE problem caused by SSTI, aiming to provide valuable resources for developers, security practitioners, and researchers to help them understand and mitigate these risks, thereby enhancing the overall security of Web applications.
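The root cause behind the SSTI consequences listed in item 2 is user input being treated as template source instead of template data. The following is an added example, not code from the paper: it uses Python's built-in `str.format` as a stand-in for a template engine (an assumption; it is not one of the engines the paper surveys), and the class names, function names, and secret value are constructed for illustration. It shows the information-leakage case beside the corrected pattern, plus a check that flags input containing template syntax.

```python
from string import Formatter


class AppConfig:
    def __init__(self):
        self.secret_key = "CONSTRUCTED-SECRET"  # constructed sample value


class Request:
    """Hypothetical request object exposed to the template context."""
    def __init__(self, config):
        self.config = config


def render_unsafe(user_input, req):
    # Vulnerable pattern: user input becomes part of the template source,
    # so any placeholder it contains is evaluated against the context.
    template = "Hello " + user_input + "!"
    return template.format(req=req)


def render_safe(user_input):
    # Corrected pattern: the template is a fixed string and user input is
    # passed only as data. Substituted values are never re-evaluated.
    template = "Hello {name}!"
    return template.format(name=user_input)


def find_template_syntax(user_input):
    # Defence-in-depth check: return the placeholder expressions that the
    # stand-in engine would evaluate if this input reached template source.
    try:
        return [field for _, field, _, _ in Formatter().parse(user_input)
                if field is not None]
    except ValueError:
        # Unbalanced braces would raise inside the engine; flag them too.
        return ["<malformed>"]


if __name__ == "__main__":
    req = Request(AppConfig())
    probe = "{req.config.secret_key}"       # constructed sample input
    print(render_unsafe(probe, req))        # secret is rendered into the page
    print(render_safe(probe))               # input is echoed as literal text
    print(find_template_syntax(probe))      # placeholder is reported
```

The primary fix is the fixed-template pattern in `render_safe`; the syntax check is only a supplementary signal for logging or rejecting suspicious input.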