Twig PHP <2.4.4 template engine - SSTI

What is the "Twig PHP <2.4.4 template engine - SSTI" module?

The "Twig PHP <2.4.4 template engine - SSTI" module is designed to detect a vulnerability in the Twig PHP template engine. This vulnerability allows remote attackers to execute arbitrary commands through a Server-Side Template Injection (SSTI) attack. The severity of this vulnerability is classified as high.

Impact

If exploited, this vulnerability can lead to unauthorized remote code execution on the target system. Attackers can inject malicious code into templates, which will be executed on the server-side, potentially compromising the entire application and its underlying infrastructure.

How the module works?

The module sends an HTTP GET request to the target system with a specific search parameter. The request path is "/search?search_key={{1337*1338}}". The module then checks the response body for the presence of the word "1788906" and verifies that the response status is not 404 (negative match). If both conditions are met, the module reports a vulnerability.

This module is part of the Vidoc platform, which utilizes various modules to perform scanning for misconfigurations, vulnerabilities, and software fingerprinting.