SSTI Labs — Server-Side Template Injection

Template injection bugs let attackers escalate from limited template expressions to remote code execution. These labs model real Jinja-style sandbox escapes — walking attribute chains from exposed objects to reach hidden config and beyond.

Template injection vulnerabilities show up in any application that interpolates user-supplied data into a template engine. These labs give you the hands-on experience to recognise the bug class and exploit it through the standard escape patterns used in real-world attacks.

1 Labs in this category

Free No subscription

🛡 SSTI +130 XP

SSTI — Jinja Sandbox Escape

DocsRender uses a Jinja-style template engine in 'safe mode' — only basic variables are exposed. The sandbox is incomplete. Read the secret stored on a non-exposed object.

ADVANCED Start Lab →

Explore other categories

XSS (5) AI HACKING (17) AUTH (7) SQLI (1) SSRF (2) INJECTION (6) LOGIC (1) WEB (7) All Labs