
Exploitation of SSTI Vulnerability in Django via HackTheBox Scenario
hacking, Django, HackTheBox, SSTI, web_vulnerabilities, editor's_pick, articles
The article details the exploitation of a Server-Side Template Injection (SSTI) vulnerability in the Django template engine, demonstrated through a scenario on the HackTheBox platform. Exploiting a flaw in template rendering gives user-level access. After authentication, privileges are escalated by manipulating the Django cache to access another user's context. Finally, encrypted backups are decrypted to retrieve credentials. No specific date or vulnerable Django version is mentioned.