Analysis
Server Side Template Injection: From a Curious {{7*7}} to Owning the Server
Template engines mix data into pages. Feed user input into the template itself and an attacker can run code on the server. Here is how SSTI works and how to prevent it.
7 min read·#ssti#web-security#rce