Valentine is an easy-difficulty web challenge from the hxp 2022 CTF, involving the exploitation of a **Server Side Template Injection** vulnerability useful to obtain remote code execution. The exploitation is possible thanks to an **undocumented feature** in Express and **EJS** that allows bypassing the security checks made by the application and rendering arbitrary templates. The intended solution adopted a similar approach but used a documented feature that will be covered in the final chapter.

Writeup: [https://maoutis.github.io/writeups/Web%20Hacking/valentine/](https://maoutis.github.io/writeups/Web%20Hacking/valentine/)

Video: [https://youtu.be/omMMpjywq64](https://youtu.be/omMMpjywq64)