SSTI

My notes on Server-Side Template Injection, taken while solving the SSTI walkthroughs on TryHackMe.

https://tryhackme.com/room/learnssti

Introduction

SSTI occurs when user input is injected into the template engine of an app. DoS, privilege escalation and RCE are some of the security issues that can result. SSTI vulnerabilities are found in websites that use template engines to generate dynamic content.

For example, Jinja2 is a template engine used in Flask applications.

SSTI is a server-side exploit.
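
The difference between user input used as template source and user input passed as data, shown with Jinja2 on its own (no Flask app). This is an added example, not code from the TryHackMe room; the function names and the probe value are assumptions made for illustration.

```python
from jinja2 import Environment

# Constructed example: names below are illustrative, not from the TryHackMe room.
env = Environment(autoescape=True)

PROBE = "{{ 7*7 }}"  # harmless arithmetic; a vulnerable renderer returns 49


def render_vulnerable(name: str) -> str:
    # BUG: user input becomes part of the template *source*, so Jinja2
    # parses and evaluates any template syntax it contains.
    return env.from_string("Hello " + name + "!").render()


def render_safe(name: str) -> str:
    # The template source is a fixed string; user input is passed only as
    # a context variable, so it is treated as data and HTML-escaped.
    return env.from_string("Hello {{ name }}!").render(name=name)


def evaluates_user_input(render) -> bool:
    # Regression check for a render function: True when the probe was
    # evaluated by the engine instead of being echoed back literally.
    out = render(PROBE)
    return "49" in out and PROBE not in out


if __name__ == "__main__":
    for fn in (render_vulnerable, render_safe):
        print(fn.__name__, repr(fn(PROBE)), "evaluated:", evaluates_user_input(fn))
```

The same check can be run in a unit test against any function that builds a page from request data.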
