nuclei-templates/http/vulnerabilities/other/twig-php-ssti.yaml

28 lines
626 B
YAML

id: twig-php-ssti
info:
name: Twig PHP <2.4.4 template engine - SSTI
author: madrobot
severity: high
description: A vulnerability in Twig PHP allows remote attackers to cause the product to execute arbitrary commands via an SSTI vulnerability.
tags: php,ssti,twig
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/search?search_key=%7B%7B1337*1338%7D%7D"
skip-variables-check: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "1788906"
- type: status
status:
- 404
negative: true