1. Web Security Academy
  2. Server-side template injection
  3. Exploiting
  4. Lab

Lab: Server-side template injection with a custom exploit


This lab is vulnerable to server-side template injection. To solve the lab, create a custom exploit to delete the file /.ssh/id_rsa from Carlos's home directory.

You can access your own account with the following credentials:

  • username = wiener
  • password = peter


As with many high-severity vulnerabilities, experimenting with server-side template injection can be dangerous. If you are not careful when invoking methods, you could damage your instance of the lab, which could make it unsolvable. In this case, you will need to wait 20 minutes for your lab session to reset.