nuclei-templates/http/vulnerabilities/other/twig-php-ssti.yaml

28 lines
626 B
YAML
Raw Normal View History

2020-04-08 16:30:10 +00:00
id: twig-php-ssti
info:
name: Twig PHP <2.4.4 template engine - SSTI
author: madrobot
severity: high
2021-10-27 10:52:34 +00:00
description: A vulnerability in Twig PHP allows remote attackers to cause the product to execute arbitrary commands via an SSTI vulnerability.
tags: php,ssti,twig
metadata:
max-request: 1
2020-04-08 16:30:10 +00:00
http:
2020-04-08 16:30:10 +00:00
- method: GET
path:
- "{{BaseURL}}/search?search_key=%7B%7B1337*1338%7D%7D"
skip-variables-check: true
matchers-condition: and
2020-04-08 16:30:10 +00:00
matchers:
- type: word
part: body
2020-04-08 16:30:10 +00:00
words:
2020-04-20 12:14:59 +00:00
- "1788906"
- type: status
status:
- 404
negative: true