I recently tackled a Server-Side Template Injection (SSTI) challenge from picoCTF and decided to create a write-up and a video to help others learn from it.
This post is a beginner-friendly explanation of the process, covering:
- How to identify SSTI vulnerabilities
- Payload crafting
- Exploitation strategy
- Things I learned and tools I used

🎥 Video Walkthrough

🧠 Full Write-up with Code and Notes

📖 Check out the GitHub repository

This is meant for beginners and students diving into web exploitation, bug bounty, and CTFs.
Feel free to share feedback or ask questions in the comments!