These server-side template injection (SSTI) techniques analyze the application's response to parameter values that are designed to be interpreted and executed by a template engine. Vulnerabilities identified by this module highlight problems with input validation routines and with how server-side template statements are constructed. A finding indicates that the application has not fully validated user-supplied input. These errors can lead to XSS injection or arbitrary code execution.
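The response analysis described above can be reproduced against your own handlers. The following is an added example, not code from the module or the vendor: the toy `render` engine and the names `greet_vulnerable`, `greet_fixed` and `evaluates_input` are assumptions made for illustration. It shows a handler that builds the template statement from user input beside one that passes the input only as data.

```python
import ast
import operator
import re

# Minimal stand-in for a template engine (constructed for this example):
# {{ name }} looks up a context value, {{ 6*7 }} evaluates integer arithmetic.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def _eval(node, ctx):
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.Name):
        return ctx[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    raise ValueError("unsupported expression")

def render(template, **ctx):
    # Replace each {{ ... }} once; substituted values are never re-scanned.
    def expand(match):
        tree = ast.parse(match.group(1).strip(), mode="eval")
        return str(_eval(tree.body, ctx))
    return re.sub(r"\{\{(.*?)\}\}", expand, template)

def greet_vulnerable(name):
    # Flaw: user input is concatenated into the template source itself,
    # so the engine interprets whatever template syntax the input contains.
    return render("Hello " + name + "!")

def greet_fixed(name):
    # Fix: the template is a constant; user input is passed only as data.
    return render("Hello {{ name }}!", name=name)

def evaluates_input(handler, a=1237, b=4391):
    """Scanner-style check: submit an arithmetic marker and report True when
    the response holds the computed product instead of the literal text."""
    probe = "{{%d*%d}}" % (a, b)
    body = handler(probe)
    return str(a * b) in body and probe not in body

if __name__ == "__main__":
    for handler in (greet_vulnerable, greet_fixed):
        print(handler.__name__, "evaluates input:", evaluates_input(handler))
```

The same check makes a useful regression test: it should stay `False` for every handler that accepts user-controlled text.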