Server Side Template Injection (SSTI)

Web application uses templates to make the web pages look more dynamic. Template Injection occurs when user input is embedded in a template in an unsafe manner. However in the initial observation, this vulnerability is easy to mistake for XSS attacks. But SSTI attacks can be used to directly attack web servers’ internals and leverage the attack more complex such as running remote code execution and complete server compromise.

Read more about Server Side Template Injection (SSTI)


  • Template Engine used is TWIG
  • Loader function used = "Twig_Loader_String

Please Enter your Name.