
Server-Side Template Injection

Advanced

This web app splices user input directly into the source of a Jinja2 template. Detect the template engine with a math expression, escalate to remote code execution, then learn how sandboxing blocks that escalation (and why it is not a substitute for the real fix).

Simulated endpoint: app.io/profile/greeting

Custom Greeting

Enter your custom greeting message. The server renders it using Jinja2.

Server-Side Rendering

Template Source (the user's greeting is inserted in place of "..."):
<h1>Hello, ...!</h1>

Challenges

1. Detect Template Engine
Input {{7*7}} into the template field. If the server renders "49", the input was evaluated as template code, which confirms server-side template injection. If the response contains the literal text "{{7*7}}", the input was treated as data and the field is not injectable this way.

2. Escalate to RCE
Exploit the template injection to execute system commands on the server.

3. Apply Sandbox
Enable template sandboxing and verify that the escalation is prevented. Note that a sandbox restricts what a template may reach, not whether user input is evaluated: "{{7*7}}" still renders as "49" in a sandboxed environment.
How to fix SSTI
Never render user input as template source code. Keep the template a constant written by the developer and pass the user's value in as a template variable, so braces in the input are plain text. Use a sandboxed environment only as defence in depth for cases where templates genuinely must come from untrusted users.
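The three rendering strategies the challenges compare, side by side, as an added example (this is not the lab's own code; it requires the jinja2 package, assumes the user's greeting fills the "..." slot of the lab's template, here written as a hypothetical GREETING_TEMPLATE, and uses constructed inputs):

```python
"""Jinja2 SSTI: vulnerable rendering vs. two mitigations.

Added example, not the lab's code. Requires the jinja2 package.
GREETING_TEMPLATE is an assumed variable-based form of the lab's
<h1>Hello, ...!</h1> template.
"""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Assumed safe form of the lab template: the greeting is a variable, not source.
GREETING_TEMPLATE = "<h1>Hello, {{ name }}!</h1>"

# Constructed inputs: a benign greeting, the detection probe from challenge 1,
# and a dunder-attribute probe of the kind RCE gadget chains are built on.
BENIGN = "World"
DETECT = "{{7*7}}"
DUNDER_PROBE = "{{ ''.__class__.__mro__ }}"


def render_vulnerable(user_input: str) -> str:
    """The bug: user input is spliced into the template SOURCE, so Jinja2
    evaluates anything inside {{ }} or {% %} that the user supplies."""
    source = f"<h1>Hello, {user_input}!</h1>"
    return Environment().from_string(source).render()


def render_fixed(user_input: str) -> str:
    """The fix: the template source is a constant and user input is passed
    as a VARIABLE. Braces in the input are just text. autoescape=True also
    HTML-escapes the value so the greeting cannot become stored XSS."""
    env = Environment(autoescape=True)
    return env.from_string(GREETING_TEMPLATE).render(name=user_input)


def render_sandboxed(user_input: str) -> str:
    """Defence in depth while still (wrongly) rendering input as source:
    SandboxedEnvironment refuses attribute access to names starting with
    '_' and other unsafe attributes, so the object traversal RCE payloads
    depend on raises SecurityError. It does NOT stop the injection itself:
    arithmetic such as 7*7 still evaluates."""
    source = f"<h1>Hello, {user_input}!</h1>"
    try:
        return SandboxedEnvironment().from_string(source).render()
    except SecurityError as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    strategies = (
        ("vulnerable", render_vulnerable),
        ("fixed", render_fixed),
        ("sandboxed", render_sandboxed),
    )
    for label, fn in strategies:
        for payload in (BENIGN, DETECT, DUNDER_PROBE):
            print(f"{label:10} {payload!r:30} -> {fn(payload)!r}")
```

Running it shows the distinction the third challenge is about: the vulnerable renderer turns {{7*7}} into 49 and leaks the class hierarchy for the dunder probe, the sandboxed renderer still prints 49 but returns "blocked: ..." for the probe, and the fixed renderer prints the braces back as literal text because the input never reaches the template parser.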
