Summary
To exploit this vulnerability, you first need to find a place where your input is sent to the template engine to be rendered. Then a valid gadget must be found to achieve Remote Code Execution.
In a whitebox approach, searching for strings like render_template_string can help find this kind of vulnerability. In a blackbox approach, the most commonly used payloads to test for it are {{7*'7'}}, for which the server should answer 7777777, and {{7*7}}, for which the response should be 49.
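The whitebox search described above can go further than a text match. The following added example (not part of the original page) parses Python source with the ast module and reports render_template_string calls whose template argument is not a plain string literal. The sample Flask source and the helper names are constructed for illustration.

```python
import ast

# Constructed sample Flask source; it is parsed only, never executed.
SAMPLE_SOURCE = '''
from flask import Flask, request, render_template_string
app = Flask(__name__)

@app.route("/concat")
def concat():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello " + name + "</h1>")

@app.route("/fstring")
def fstring():
    name = request.args.get("name", "")
    return render_template_string(f"<h1>Hello {name}</h1>")

@app.route("/safe")
def safe():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello {{ name }}</h1>", name=name)
'''

SINKS = {"render_template_string"}  # extend with other render-from-string sinks

def call_name(call):
    """Simple name of the callee for f(...) or module.f(...)."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None

def find_dynamic_templates(source):
    """Return sorted (function, line) pairs where a sink gets a non-literal template."""
    findings = set()
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and call_name(node) in SINKS):
                continue
            template = node.args[0] if node.args else None
            literal = isinstance(template, ast.Constant) and isinstance(template.value, str)
            if not literal:  # concatenation, f-string, variable, call result...
                findings.add((func.name, node.lineno))
    return sorted(findings)

if __name__ == "__main__":
    for func, line in find_dynamic_templates(SAMPLE_SOURCE):
        print(f"{func}() line {line}: template passed to sink is not a string literal")
```

The safe() route is not reported because its template is a constant and the user input is passed as a context variable, which is the fix to apply to the two flagged routes.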