DEV Community: 00xtrkh The latest articles on DEV Community by 00xtrkh (@00xtrkh). https://dev.to/00xtrkh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2456353%2Ff194c437-981d-4303-8b56-48f6420ca6e3.png DEV Community: 00xtrkh https://dev.to/00xtrkh en How I Solved a Server-Side Template Injection Challenge (picoCTF Write-up) 00xtrkh Mon, 12 May 2025 01:24:47 +0000 https://dev.to/00xtrkh/how-i-solved-a-server-side-template-injection-challenge-picoctf-write-up-mb9 https://dev.to/00xtrkh/how-i-solved-a-server-side-template-injection-challenge-picoctf-write-up-mb9 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3rtgpk7k2cwp38xqw4n1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3rtgpk7k2cwp38xqw4n1.png" alt="Image description" width="800" height="450"></a>Hey folks 👋</p> <p>I recently tackled a Server-Side Template Injection (SSTI) challenge from the <a href="https://picoctf.org/" rel="noopener noreferrer">picoCTF</a> and decided to create a write-up and a video to help others learn from it.</p> <p>This post is a beginner-friendly explanation of the process, covering:</p> <ul> <li>How to identify SSTI vulnerabilities</li> <li>Payload crafting</li> <li>Exploitation strategy</li> <li>Things I learned and tools I used</li> </ul> <h2> 🎥 Video Walkthrough </h2> <p>📺 <a href="https://www.youtube.com/@00xtrkh" rel="noopener noreferrer">Watch the video on YouTube</a></p> <h2> 🧠 Full Write-up with Code and Notes </h2> <p>📖 <a href="https://github.com/00xtrkh/ctfs-writeups/blob/main/picoctf/2025/web/SSTI1.md" rel="noopener noreferrer">Check out the GitHub repository</a></p> <p>This is meant for beginners and students diving into web exploitation, bug bounty, and CTFs.</p> <p>Feel free to share feedback or ask questions in the comments!</p> <h1> cybersecurity #ctf #ssti #infosec #websecurity #writeup #bugbounty #picoctf </h1> cybersecurity ctf python github