Is there an existing issue for this?
Current Behavior

Dear Developers,

I hope this message finds you well. I am writing to seek your assistance regarding an issue I encountered while working on an SSTI (Server-Side Template Injection) payload in Nuclei.

When crafting the payload, I noticed that the double curly braces {{ are being interpreted as variables by Nuclei, which prevents my template from functioning as intended. To address this, I attempted to URL-encode the {{ as %7b%7b, but unfortunately, Nuclei still parses it as a variable.

I have tried several approaches to resolve this, but none have worked so far. I would greatly appreciate it if you could provide guidance on how to preserve the literal {{ in the payload without it being interpreted as a variable.

Thank you very much for your time and support. I truly value your work on Nuclei and look forward to your response.

Expected Behavior

I hope to be able to type in the payload -> {{

Steps To Reproduce

variables:

Relevant log output

[WRN] [flask-ssti-template] Could not make http request for http://ssti.tp5.lab2.aqlab.cn/: unresolved variables found: %20b[%27eval%27](%27__import__(%22os%22).popen(%22id%22).read()%27)%20
[INF] No results found. Better luck next time!

Environment

- OS: windows
- Nuclei: 3.3.8
- Go:

Anything else?

No response
@Junt184 see https://github.com/orgs/projectdiscovery/discussions/4663#discussioncomment-8184426