$shellstate.com

Demo: SSTI Tutorial

2 solves

easy · 50 pts

A friendly demo of server-side template injection.

This is the platform's reference instance-backed challenge — solving it is mostly about understanding the spawn / connect / exfiltrate / submit loop. The vuln itself is intentionally obvious.

  1. Spawn an instance from this page.
  2. Visit the URL.
  3. The site echoes a search query through a Jinja2 template without escaping.
  4. Coerce the template engine into evaluating {{ flag }} (or read it out of the environment) and submit what you get.

Flag format: flag{...} (per-user, derived from your account).
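An added example, not the challenge's own source: a minimal Python/Jinja2 sketch of the bug class in step 3 beside its fix. The function names, the HTML wrapper and the `FLAG` value are assumptions made up for illustration.

```python
from jinja2 import Environment

# Constructed stand-in for the per-user flag; not a value from the platform.
FLAG = "flag{constructed-example}"

# Autoescaping is ON for both renderers, to show it does not stop SSTI:
# it escapes rendered *values*, it does not stop template *source*
# from being evaluated.
env = Environment(autoescape=True)


def render_vulnerable(query: str) -> str:
    # BUG: the query is concatenated into the template source, so any
    # {{ ... }} inside it is compiled and evaluated with `flag` in scope.
    source = "<p>Results for: " + query + "</p>"
    return env.from_string(source).render(flag=FLAG)


# Fix: the template source is a constant; the query only travels as data.
SAFE_TEMPLATE = env.from_string("<p>Results for: {{ query }}</p>")


def render_safe(query: str) -> str:
    return SAFE_TEMPLATE.render(query=query, flag=FLAG)


def evaluates_input(render) -> bool:
    """Regression check: does the renderer evaluate expressions in input?

    Sends a harmless arithmetic probe and looks for the computed product
    in the output. A safe renderer echoes the probe text unchanged.
    """
    probe = "{{ 7 * 191 }}"
    out = render(probe)
    return "1337" in out and probe not in out


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("safe", render_safe)):
        print(f"{name:10} evaluates input: {evaluates_input(fn)}")
        print(f"{name:10} {{{{ flag }}}} -> {fn('{{ flag }}')}")
```

A check like `evaluates_input` can run in CI against every view that renders user input, so a regression to string-built templates fails the build.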


// hints

  1. hint #1 · 5 pts: Locked. Unlocking deducts 5 pts from your eventual solve.
  2. hint #2 · 10 pts: Locked. Unlocking deducts 10 pts from your eventual solve.
