Add SSTI and Header Injection vulnerability skills#191
Conversation
|
and Header Injection vulnerability |
Greptile SummaryAdds two new vulnerability skill files ( Confidence Score: 5/5Safe to merge — remaining findings are documentation-level P2s that do not affect runtime behaviour All findings are P2; no P0/P1 issues remain after previous review rounds corrected the payload accuracy problems Both files warrant a quick re-read of the two flagged snippets before merging, but neither requires blocking changes Important Files Changed
Prompt To Fix All With AIFix the following 2 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 2
strix/skills/vulnerabilities/ssti.md:409-410
**`{{('__cl'+'ass__')}}` renders a string, not an attribute access**
The first example in this bullet concatenates two literals into the string `__class__` and renders it verbatim — it performs no attribute lookup and achieves no bypass on its own. A tester who copies it in isolation will get the output `__class__` rather than the class object, which could lead them to conclude string concatenation is an ineffective evasion. The only functional bypass here is the `|attr(...)` form shown immediately after; the bare concatenation snippet should be folded into that form or removed to avoid the confusion.
### Issue 2 of 2
strix/skills/vulnerabilities/header_injection.md:138
**`X-Accel-Redirect` is an LFI/file-read primitive, not an open-redirect**
`X-Accel-Redirect` is an Nginx internal-redirect header: when the upstream application sets it, Nginx serves the *local file path* specified in the value, bypassing normal request routing. Its impact is unauthorized file read / SSRF-to-internal-file, not an open redirect to an external URL. Listing it under "Open Redirect via Headers" misrepresents both the attack class and the impact, and could cause a tester to apply the wrong validation criteria (they'd look for an external redirect instead of an internal file being served). It fits better under a server-side file access or SSRF-adjacent section, or at minimum the parenthetical should note that the impact is internal file serving rather than redirect.
Reviews (5): Last reviewed commit: "add header-injection and ssti vulnerabil..." | Re-trigger Greptile |
There was a problem hiding this comment.
Pull request overview
This PR adds two new vulnerability skill documents under strix/skills/vulnerabilities, expanding the repository’s offensive-security guidance with playbooks for SSTI and HTTP header injection. It fits the existing skills library pattern by providing reconnaissance, validation, false-positive handling, and impact guidance for additional vulnerability classes.
Changes:
- Add a new SSTI skill covering engine fingerprinting, bypass techniques, and language-specific RCE primitives.
- Add a new HTTP header injection skill covering CRLF injection, cache poisoning, Host-header abuse, and proxy/header trust issues.
- Extend the vulnerability catalog with two new markdown-based reference guides that follow the existing skill-file structure.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
strix/skills/vulnerabilities/ssti.md |
Adds a new SSTI reference guide with engine-specific probes, exploitation paths, and validation steps. |
strix/skills/vulnerabilities/header_injection.md |
Adds a new header-injection reference guide covering response splitting, cache poisoning, forwarding-header abuse, and smuggling-related checks. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Two new skills under strix/skills/vulnerabilities/ filling real gaps
in coverage:
- header_injection.md — CRLF / response splitting / smuggling, cache
poisoning, Host-header confusion, cookie tossing, X-Forwarded-*
spoofing, Content-Type / encoding tricks, header-driven XSS and
open redirects, HTTP/2 frame confusion.
- ssti.md — engine fingerprinting (Jinja / Twig / Velocity / Freemarker
/ SpEL / ERB / EJS / Pug / doT), per-language gadget chains, sandbox
escape patterns, RCE primitives, post-exploitation.
Re-authored from the original .jinja contributions (deprecated format)
to match the current skill template (frontmatter + Attack Surface /
HVT / Reconnaissance / Key Vulnerabilities / Bypass / Methodology /
Validation / False Positives / Impact / Pro Tips / Summary). Several
inaccurate payloads from the original (Smarty {system()}, Thymeleaf
*{...} in the universal probe table, "Cyrillic" overlong UTF-8 framing,
Set-Cookie XSS framing) corrected during the port.
Adds two new vulnerability skill files under
strix/skills/vulnerabilities/:ssti.md— Server-side template injection across Jinja / Mako / Velocity / Freemarker / Thymeleaf (SpEL) / Twig / Smarty / Blade / ERB / Haml / Handlebars / Nunjucks / EJS. Engine fingerprinting, per-language gadget chains, sandbox escape patterns, RCE primitives, post-exploitation.header_injection.md— HTTP header injection covering CRLF / response splitting / request smuggling, cache poisoning, Host-header confusion, cookie tossing,X-Forwarded-*/X-Original-URLspoofing, Content-Type / encoding tricks, header-driven XSS and open redirects, HTTP/2 frame confusion.Both files follow the established skill template (frontmatter + Attack Surface / High-Value Targets / Reconnaissance / Key Vulnerabilities / Bypass Techniques / Testing Methodology / Validation / False Positives / Impact / Pro Tips / Summary), matching the format used by
sql_injection.md,csrf.md,ssrf.md,xss.md, and the rest of the existing vulnerability skills.Test plan
${T(java.lang.Runtime).getRuntime().exec('id')}for SpEL,{{cycler.__init__.__globals__.os.popen('id').read()}}for Jinja)strix/skills/__init__.pyauto-discovers the new files (no registration needed for skills, per existing convention)