Update README.md

Add reference to debug tag for Jinja2

Server Side Template Injection/README.md

@@ -35,6 +35,7 @@
 * [Jinja2](#jinja2)
   * [Basic injection](#basic-injection)
   * [Template format](#template-format)
+  * [Debug Statement](#debug-statement)
   * [Dump all used classes](#dump-all-used-classes)
   * [Dump all config variables](#dump-all-config-variables)
   * [Read remote file](#read-remote-file)
@@ -338,6 +339,16 @@ The above injections have been tested on Flask application.
 
 ```
 
+### Debug Statement¶
+
+If the Debug Extension is enabled, a `{% debug %}` tag will be available to dump the current context as well as the available filters and tests. This is useful to see what’s available to use in the template without setting up a debugger.
+
+```python
+<pre>{% debug %}</pre>
+```
+
+Source: https://jinja.palletsprojects.com/en/2.11.x/templates/#debug-statement
+
 ### Dump all used classes
 
 ```python
@@ -510,4 +521,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230
 * [Server-Side Template Injection (SSTI) in ASP.NET Razor - Clément Notin - 15 APR 2020](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/)
 * [Expression Language injection - PortSwigger](https://portswigger.net/kb/issues/00100f20_expression-language-injection)
 * [Bean Stalking: Growing Java beans into RCE - July 7, 2020 - Github Security Lab](https://securitylab.github.com/research/bean-validation-RCE)
-* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
+* [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)