osirislab · ericung · Jun 12, 2025 · Jun 13, 2025
diff --git a/docs/web-exploitation/template-injection/what-is-a-template-injection.md b/docs/web-exploitation/template-injection/what-is-a-template-injection.md
@@ -0,0 +1,24 @@
+# Server Side Template Injection
+
+Server side template injection starts off with as a two sets of brackets containing each other and contains operations in it. Seen below is an example of an operation being passed into a parameter for an argument of a website.
+
+```
+{{8*8}}
+``` 
+
+One of the next features in it is python which can be passed into a parameter for an argument if a website isn't secure enough to be tested on it. The next example shows a python command being injected into the the parameter of a website.
+
+
+```
+{{self.__init__.__globals__.__builtins__.__import__(os).popen(ls .).read()}}
+```
+
+This opens the door for parameter testing different websites so be advised on testing this.
+
+
+# References
+
+![Server Side Template Injection With Jinja2](https://www.onsecurity.io/blog/server-side-template-injection-with-jinja2/)
+
+![Template Injection Vulnerabilities](https://www.paloaltonetworks.com/blog/cloud-security/template-injection-vulnerabilities/)
+