Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code execution via old versions of Twig #48

Closed
jvoisin opened this issue Jul 30, 2018 · 3 comments
Closed

Code execution via old versions of Twig #48

jvoisin opened this issue Jul 30, 2018 · 3 comments

Comments

@jvoisin
Copy link

jvoisin commented Jul 30, 2018

I was reading this article: apparently it's possible to get a command execution for old versions Twig, but tlpmap doesn't support it.

Shall I issue a PR to support this, would consider for inclusion?

@jvoisin jvoisin changed the title Code execution via Twig Code execution via old versions of Twig Jul 30, 2018
@epinna
Copy link
Owner

epinna commented Jul 30, 2018

I will be glad to see your PR.

@epinna
Copy link
Owner

epinna commented Oct 14, 2018

Hey, thanks for pointing this out to me. Feel free to try it with

$ cd docker-envs && docker-compose up -d tplmap_test_php
$ ./tplmap.py -u 'http://127.0.0.1:15002/twig-1.19.0-unsecured.php?inj=1'

#You can compare the result against the secured version
$ ./tplmap.py -u 'http://127.0.0.1:15002/twig-1.20.0-secured.php?inj=1'

I'll keep this open while I write the test suite for the unsecured versions.

@epinna epinna closed this as completed Oct 14, 2018
@jvoisin
Copy link
Author

jvoisin commented Oct 14, 2018

Wonderful ♥

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants