The -template- prefix suggests an application vulnerability where user input is inserted into a file path template. For example: /var/www/html/templates/user/-template-[USER_INPUT]-here.html
(Spaces added for clarity; actual payload has no spaces). -template-..-2F..-2F..-2F..-2Froot-2F.aws-2Fcredentials
import re if not re.match("^[a-zA-Z0-9_-]+$", template_name): raise Exception("Invalid template name") Before using a user-supplied path, resolve it to its absolute form and verify it stays within the intended base directory. -template-..-2F..-2F..-2F..-2Froot-2F.aws-2Fcredentials
A typical file looks like this: