diff --git a/app.py b/app.py
index 12e709a..1ba9a61 100644
--- a/app.py
+++ b/app.py
@@ -1,10 +1,11 @@
 import werkzeug
-from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file
+from flask import Flask, render_template, request, url_for, session, redirect, g, abort, send_file, render_template_string
 import sqlite3
 from random import getrandbits
 from func import *
 import base64
 
+
 connection = sqlite3.connect('database.db')
 cursor = connection.cursor()
 cursor.execute('''
@@ -73,9 +74,35 @@ def webidor():
 def webpt():
     return render_template('path-traversal.html')
 
-@app.route("/web/ssti")
+@app.route("/web/ssti", methods=('GET', 'POST'))
 def webssti():
-    return render_template('ssti.html')
+    id = session.get('ssti_id')
+    flag = session.get('flag_ssti')
+    if id not in comments.keys():
+        session['ssti_id'] = id = hex(getrandbits(45))[2:]
+        comments[id] = []
+        session['flag_ssti'] = flag = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
+
+    if request.method == 'POST':
+        if 'user_flag' in request.form.keys():
+            user_flag = request.form['user_flag']
+            if user_flag == flag:
+                return render_template('ssti.html', flag=flag, success_flag='.')
+            return render_template('ssti.html', flag=flag, error='Ошибка: неверный флаг!')
+
+        username = request.form['username']
+        comment = request.form['user_comment']
+        comments[id].append((username, comment))
+    def render(x):
+        try:
+            return render_template_string(x, flag=flag)
+        except:
+            return x
+    return render_template('ssti.html', render_template_string=render, comments=comments[id], flag=flag)
+
+
+comments = {}
+
 
 @app.route("/web/portswigger-guide")
 def webpsguide():
diff --git a/static/index.css b/static/index.css
index fcbe31a..32e5fe0 100644
--- a/static/index.css
+++ b/static/index.css
@@ -168,6 +168,13 @@
 align-content: flex-start;
 }
 
+.comments {
+ background-color: rgb(35, 33, 54);
+ height: 60%;
+ width: 80%;
+ text-align: left;
+}
+
 .navgoodlinks {
 display:flex;
 justify-content: start;
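Review bot: The flag is written into the Flask session (`session['flag_ssti'] = flag = ...` in `webssti`), and Flask's default cookie session is signed but not encrypted, so its contents are readable on the client without solving the challenge; keep the flag server-side in a dict keyed by `ssti_id` (as `comments` already is) and store only the id in the cookie. The nested `render` helper's bare `except:` also swallows `KeyboardInterrupt` and `SystemExit`; `except Exception:` is enough, since a failed render of untrusted text is the expected case there. `id` shadows the builtin and the `.keys()` calls are redundant; `ssti_id not in comments` and `'user_flag' in request.form` read cleaner. The module-level `comments` dict is keyed per session and never pruned, so each new visitor leaves an entry for the life of the process; a size cap per id or periodic eviction would bound memory. Because `render_template_string` evaluates comment text in the app's unsandboxed Jinja environment by design, the deployment should isolate this route (a separate process or container holding nothing but this challenge's flag) rather than rely on the handler itself for containment.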
diff --git a/templates/ssti.html b/templates/ssti.html new file mode 100644 index 0000000..8a60acc --- /dev/null +++ b/templates/ssti.html @@ -0,0 +1,43 @@ +{% extends 'utils/_task.html' %} +{% include 'utils/_forensicsidenav.html' %} +{% block content %} + + +
+
+

Приветствую тебя, о сетевой путник! Прошу, оставь упоминание о себе здесь!

+
+

Имя:

+

Комментарий:

+ +
+
+ {% for (username, comment) in comments -%} +

{{ username }}

+

{{ render_template_string(comment) }}

+ {% endfor -%} +
+
+
+

Введите ответ:

+
+ + +
+
+
+ + + + {% if error %} +

{{ error }}

+ {% elif success_flag %} +
+

Вы прошли задание!

+ + < Вернуться к заданиям > +
+ {% endif %} +{% endblock %} \ No newline at end of file