Pentest Book
Symfony && Twig
**Tools**
```
# Server-Side Template Injection and Code Injection Detection and Exploitation Tool
# https://github.com/epinna/tplmap
./tplmap.py -u 'http://www.target.com/page?name=John'

# https://github.com/ambionics/symfony-exploits

# Symfony:
# Check for www.example.com/_profiler/; it contains errors and server variables

# Symfony debug looter:
# https://github.com/synacktiv/eos/

# Twig:
# https://medium.com/server-side-template-injection/server-side-template-injection-faf88d0c7f34
```
Last modified 9mo ago