gitex2026/AttackSurface/dist/testcases/owasp/sst-injection.yml

payload:
  - '<#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}'
  - 'aaaa\u0027%2b#{16*8787}%2b\u0027bbb'
  - '{{1337*1338}}'
encoder:
  - Base64Flat
  - URL
placeholder:
  - URLPath
  - URLParam
  - HTMLForm
  - HTMLMultipartForm
type: SST Injection