🧠 (incomplete) Server-side Template Injection

Primary: <% tp.file.cursor(1) %>

Secondary:

What is it?

Concept: (Explain it simply).
Impact: (RCE? Data Leak? Auth Bypass?)

How it works

Step 1…
Step 2…

Exploitation

Prerequisites:

(e.g., Authenticated User)

Attack Vectors

# Paste command or payload here

Mitigation

Fix: (e.g., Use Prepared Statements)

CTFs

Tools

References: Link