From 2c152d4a8d0785e1d99545fba9cbde7c3367574f Mon Sep 17 00:00:00 2001
From: Eric Ung <ericweichungung@outlook.com>
Date: Thu, 12 Jun 2025 11:22:53 -0500
Subject: [PATCH 1/2] Write a document for template injection

---
 .../what-is-a-template-injection.md           | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 docs/web-exploitation/template-injection/what-is-a-template-injection.md

diff --git a/docs/web-exploitation/template-injection/what-is-a-template-injection.md b/docs/web-exploitation/template-injection/what-is-a-template-injection.md
new file mode 100644
index 00000000..91c6e8a2
--- /dev/null
+++ b/docs/web-exploitation/template-injection/what-is-a-template-injection.md
@@ -0,0 +1,20 @@
+# Server Side Template Injection
+
+Server side template injection starts off with as a two sets of brackets containing each other and contains operations in it. Seen below is an example of an operation being passed into a parameter for an argument of a website.
+
+```
+{{8*8}}
+``` 
+
+One of the next features in it is python which can be passed into a parameter for an argument if a website isn't secure enough to be tested on it. The next example shows a python command being injected into the the parameter of a website.
+
+
+```
+{{self.__init__.__globals__.__builtins__.__import__(os).popen(ls .).read()}}
+```
+
+
+# References
+
+![Server Side Template Injection With Jinja2](https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/)
+![Template Injection Vulnerabilities](https://www.paloaltonetworks.com/blog/cloud-security/template-injection-vulnerabilities/)

From c51b4cce150eaa180376f7af46d583d3f1036857 Mon Sep 17 00:00:00 2001
From: Eric Ung <ericweichungung@outlook.com>
Date: Thu, 12 Jun 2025 19:46:48 -0500
Subject: [PATCH 2/2] lasting notes

---
 .../template-injection/what-is-a-template-injection.md        | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/web-exploitation/template-injection/what-is-a-template-injection.md b/docs/web-exploitation/template-injection/what-is-a-template-injection.md
index 91c6e8a2..fc9fde7d 100644
--- a/docs/web-exploitation/template-injection/what-is-a-template-injection.md
+++ b/docs/web-exploitation/template-injection/what-is-a-template-injection.md
@@ -13,8 +13,12 @@ One of the next features in it is python which can be passed into a parameter fo
 {{self.__init__.__globals__.__builtins__.__import__(os).popen(ls .).read()}}
 ```
 
+This opens the door for parameter testing different websites so be advised on testing this.
+
 
 # References
 
 ![Server Side Template Injection With Jinja2](https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/)
+
 ![Template Injection Vulnerabilities](https://www.paloaltonetworks.com/blog/cloud-security/template-injection-vulnerabilities/)
+