Server-Side Template Injection (SSTI)

Server-Side Template Injection occurs when user input is embedded directly into a template engine without sanitization. The engine evaluates the payload as code, leading to information disclosure or RCE.

Ready Click Next Step to begin.

Payload / Response

Engine Context

const SVG_NS = 'http://www.w3.org/2000/svg';