⚡ Master Server-Side Template Injection techniques and payload construction
🎯 Learn to identify and exploit SSTI vulnerabilities in web applications
💀 Over 60% of template-based applications contain exploitable injection flaws
🚀 Develop critical skills for modern web application penetration testing
Welcome to Template Injection! In this challenge, you'll encounter TechCorp's customer support portal, a realistic web application that allows customers to submit and track technical support tickets. The application uses server-side template engines to generate dynamic ticket confirmations and email notifications. However, due to insufficient input validation in the ticket submission process, the template engine is vulnerable to Server-Side Template Injection (SSTI) attacks, allowing attackers to execute arbitrary code on the server.
The TechCorp Support Portal allows authenticated customers to submit support tickets with detailed issue descriptions. When tickets are submitted, the system generates dynamic confirmation pages using server-side templates. The ticket description field is processed directly by the Jinja2 template engine without proper sanitization. Your task is to exploit this SSTI vulnerability through the ticket submission process to escalate your privileges and gain administrative access to retrieve the hidden flag.
Server-Side Template Injection in support ticketing systems is a common vulnerability found in enterprise applications. When customer-submitted content is processed through template engines for generating confirmations, notifications, or reports, inadequate input sanitization can lead to code execution. This scenario represents a realistic attack vector where customer support portals become entry points for privilege escalation and system compromise.
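The flaw described above (the ticket description reaching Jinja2 as template source) next to the corrected rendering, as an added example that is not the lab's or TechCorp's own code. The function names, the confirmation template text and the ticket id are assumptions made for illustration; it needs the `jinja2` package.

```python
from jinja2 import Environment

# Autoescaping on, so customer text passed as data is also HTML-escaped.
env = Environment(autoescape=True)

# Hypothetical confirmation template; the portal's real template is not shown on the page.
CONFIRMATION = "<p>Ticket #{{ ticket_id }} received.</p><p>{{ description }}</p>"

# Harmless arithmetic probe used to tell "rendered as data" from "evaluated as template".
PROBE = "Printer offline {{ 7*7 }}"


def render_vulnerable(ticket_id, description):
    """Flawed pattern: customer text becomes part of the template source."""
    source = "<p>Ticket #%d received.</p><p>%s</p>" % (ticket_id, description)
    # Any {{ ... }} inside `description` is now parsed and evaluated by the engine.
    return env.from_string(source).render()


def render_fixed(ticket_id, description):
    """Corrected pattern: constant template source, customer text passed as a variable."""
    return env.from_string(CONFIRMATION).render(
        ticket_id=ticket_id, description=description
    )


def evaluates_user_input(render):
    """Regression check: True if the renderer evaluated the probe instead of echoing it."""
    out = render(1001, PROBE)
    return "49" in out and PROBE not in out


if __name__ == "__main__":
    for fn in (render_vulnerable, render_fixed):
        print(fn.__name__, "evaluates user input:", evaluates_user_input(fn))
        print("  ", fn(1001, PROBE))
```

A check like `evaluates_user_input` fits in a unit test for every view that renders customer-supplied fields, so a later refactor that reintroduces string-built templates fails the build.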