Server-Side Template Injection (SSTI) is a web application security vulnerability where user-controllable input is used to inject template code into a server-side templating engine, allowing an attacker to execute arbitrary code on the server. This can be achieved by manipulating inputs such as form fields, cookies, or URL parameters to inject malicious template code, resulting in the execution of unintended commands or access to sensitive data.
View All Tags
This walkthrough guides through solving a series of challenges on the Hack The Box website, specifically the Bike machine, to exploit a server-side template injection vulnerability in Node.js and gain root privileges.
Machine Name: Bike | Difficulty: Easy | OS: Linux