From 524308922af967b57e60ca85ee94f8a28ce17b24 Mon Sep 17 00:00:00 2001
From: liquidsec <paul.mueller08@gmail.com>
Date: Fri, 29 Nov 2024 08:45:20 -0500
Subject: [PATCH] additional ssti signature

---
 bbot/modules/lightfuzz_submodules/ssti.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bbot/modules/lightfuzz_submodules/ssti.py b/bbot/modules/lightfuzz_submodules/ssti.py
index 53c7605fa..766356b58 100644
--- a/bbot/modules/lightfuzz_submodules/ssti.py
+++ b/bbot/modules/lightfuzz_submodules/ssti.py
@@ -5,7 +5,7 @@ class SSTILightfuzz(BaseLightfuzz):
     async def fuzz(self):
 
         cookies = self.event.data.get("assigned_cookies", {})
-        ssti_probes = ["<%25%3d%201337*1337%20%25>","<%= 1337*1337 %>", "${1337*1337}", "%24%7b1337*1337%7d"]
+        ssti_probes = ["<%25%3d%201337*1337%20%25>","<%= 1337*1337 %>", "${1337*1337}", "%24%7b1337*1337%7d", "1,787{{z}},569"]
         for probe_value in ssti_probes:
             r = await self.standard_probe(self.event.data["type"], cookies, probe_value, allow_redirects=True)      
             if r and ("1787569" in r.text or "1,787,569" in r.text):
@@ -15,4 +15,4 @@ async def fuzz(self):
                         "description": f"POSSIBLE Server-side Template Injection. {self.metadata()} Detection Method: [Integer Multiplication] Payload: [{probe_value}]",
                     }
                 )
-                break
+                break
\ No newline at end of file