Pentest Book
Symfony && Twig
**Tools**

```
# Server-Side Template Injection and Code Injection Detection and Exploitation Tool
# https://github.com/epinna/tplmap
./tplmap.py -u 'http://www.target.com/page?name=John'
# https://github.com/ambionics/symfony-exploits

# Symfony:
Check for www.example.com/_profiler/, which contains errors and server variables
# Symfony debug looter:
https://github.com/synacktiv/eos/

# Twig:
https://medium.com/server-side-template-injection/server-side-template-injection-faf88d0c7f34
```
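A defender-side check for the `/_profiler/` exposure noted above, as an added example that is not part of the original page: it scans web access logs for requests to the profiler route and separates those the application answered from those it rejected. The log format (Combined Log Format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_profiler_path(target):
    """True if any path segment of the request target is '_profiler'."""
    # Drop the query string first so '?next=/_profiler/' is not a match.
    path = unquote(target.split("?", 1)[0])
    # Segment match also covers doubled slashes and a script-name prefix.
    return "_profiler" in path.split("/")

def profiler_hits(lines):
    """Per client: profiler requests answered (status < 400) vs rejected."""
    report = defaultdict(lambda: {"answered": 0, "rejected": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_profiler_path(m["target"]):
            continue
        # A non-error status means the profiler route is live in this
        # environment and the page's warning applies to it.
        bucket = "answered" if int(m["status"]) < 400 else "rejected"
        report[m["ip"]][bucket] += 1
    return dict(report)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /_profiler/ HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /_profiler/abc123?panel=request HTTP/1.1" 200 20480 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "GET //_profiler/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:06:00 +0000] "GET /page?name=John HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:07:00 +0000] "GET /page?next=/_profiler/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, counts in profiler_hits(SAMPLE).items():
        print(ip, counts)
```

Any client with a non-zero `answered` count received profiler content, so the environment that produced the log should have the profiler disabled or restricted.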