Remote SSTI Execution
Time: 30 Minutes
Level: Easy

What is Server Side Template Injection?

Server-side Template Injection (SSTI) is a type of web security vulnerability that occurs when an attacker is able to inject malicious code into a web application's template engine. This can lead to arbitrary code execution on the server, allowing an attacker to gain unauthorized access to sensitive data and perform malicious actions.

In a Server-side Template Injection Capture the Flag (CTF) challenge, participants are tasked with finding and exploiting vulnerabilities in web applications that use template engines. This may involve modifying templates in such a way that they execute arbitrary code, bypassing security measures, and accessing sensitive information. The goal of these CTFs is to raise awareness of this type of vulnerability and help participants to understand how it can be exploited, as well as to provide a hands-on learning experience in secure web application development.

Severity

The severity of SSTI can vary from medium to high, depending on the kind of access it gives.

Exploiting SSTI

1. Test every entry point on a target website.

2. Check for SSTI with template injection payloads.

3. Check for template output.
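Why the check in steps 2 and 3 works, seen from the code being tested, as an added example that is not part of the original lab: a toy template engine constructed here (all names are hypothetical, and it evaluates only integer arithmetic and context variables) with a handler that concatenates user input into the template source beside one that passes it as data.

```python
import ast
import operator
import re

# Toy engine constructed for this example: {{ expr }} is evaluated, where expr
# is a context variable or integer arithmetic. It stands in for a real engine.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def _eval(node, ctx):
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.Name):
        return ctx[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    raise ValueError("unsupported expression")

def render(source, ctx):
    """Evaluate each {{ expr }} in the template source; substituted values are not re-parsed."""
    def substitute(match):
        tree = ast.parse(match.group(1).strip(), mode="eval")
        return str(_eval(tree.body, ctx))
    return re.sub(r"\{\{(.*?)\}\}", substitute, source)

def greet_vulnerable(name):
    # Root cause of SSTI: user input becomes part of the template *source*,
    # so the engine parses and evaluates whatever syntax it contains.
    return render("Hello " + name + "!", {})

def greet_safe(name):
    # Fix: the template source is a constant; user input is only ever data.
    return render("Hello {{ name }}!", {"name": name})

PROBE = "{{ 7*7 }}"  # harmless arithmetic marker, constructed for this example

def looks_injectable(handler):
    """True if the handler evaluated the probe instead of echoing it back."""
    output = handler(PROBE)
    return "49" in output and PROBE not in output

if __name__ == "__main__":
    for handler in (greet_vulnerable, greet_safe):
        print(handler.__name__, "->", handler(PROBE),
              "| injectable:", looks_injectable(handler))
```

The same check fits in a regression test: any handler that returns the evaluated result instead of the literal probe is building template source from request data.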