00 — Overview

Server-Side Template Injection (SSTI)

Learn how template engines become weapons when user input reaches the template renderer — from math expressions to full remote code execution.

Intermediate·45 min·7 tasks

// By the end of this module

→Understand how server-side template engines process user input

→Identify template injection sinks in Jinja2, Twig, Pug, and Freemarker

→Escalate SSTI to remote code execution via template sandbox escapes

→Fingerprint the template engine from error messages and responses

// Prerequisites

Foundation · Beginner

45 min

Injection · Intermediate

55 min