Symfony && Twig

**Tools**
# Server-Side Template Injection and Code Injection Detection and Exploitation Tool 
# https://github.com/epinna/tplmap
./tplmap.py -u 'http://www.target.com/page?name=John'
# https://github.com/ambionics/symfony-exploits

# Symfony:
Check for www.example.com/_profiler/ it contains errors and server variables
# Symfony debug looter:
https://github.com/synacktiv/eos/

# Twig:
https://medium.com/server-side-template-injection/server-side-template-injection-faf88d0c7f34

Last updated