pwning all the (web)things
Updated Nov 21, 2020 - PHP
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
Phishing framework for pentesting
C++ and VB implementation of Microsoft template injection vulnerability.
The simplest example of a template injection vulnerability
Deterministic input sanitization for untrusted text — homoglyphs, invisible chars, null bytes, NFKC normalization, template injection. Zero dependencies. Python 3.12+.
A simple lab created for testing CSTI vulnerability in AngularJS version 1.0.8, 1.3.20 and 1.5.8 using Sandbox Escape.
CVE-2026-33937 Handlebars RCE exploit PoC (AST Injection)
Sandbox for studying Server-Side and Client-Side Template Injections (SSTI & CSTI) with Flask and AngularJS.