mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
10 lines
279 B
PHP
10 lines
279 B
PHP
|
<?php
|
||
|
|
// Unsafe: `$smarty->fetch("string:" . $src)` parses the inline template
|
||
|
|
// source via the `string:` resource prefix. Tainted $src yields SSTI.
|
||
|
|
|
||
|
|
function handler() {
|
||
|
|
$src = $_GET['template'];
|
||
|
|
$smarty = new \Smarty();
|
||
|
|
return $smarty->fetch("string:" . $src);
|
||
|
|
}
|