HARD
SSTI in the Wild
40
points
A Flask application renders user input directly in Jinja2 templates. Exploit server-side template injection to achieve remote code execution and read the flag.
40
points
A Flask application renders user input directly in Jinja2 templates. Exploit server-side template injection to achieve remote code execution and read the flag.