[CVE-2023-30178] Server-Side Template Injection
Exploit Author: Dat Nguyen aka datnlq of VietSunshine Cyber Security Services
Vendor of Product: CraftCMS
Affected Product Code Base: 3.7.59
CVE: CVE-2023-30179
Description: CraftCMS 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the Default Asset Location field when creating a new field with the Assets field type, leading to Remote Code Execution.
Steps to reproduce:
Step 1: Go to Settings -> Fields and click New Field. Create a new Assets field and inject a Twig template into the Default Asset Location field, for example {{191*7}}.
Step 2: Create a new section. Then edit the Entry Types of the section and, in the Field Layout field, add the Assets field that was created in Step 1.
Step 3: Create a new Entry in the section at step 3. Upload a file to this entry.
Step 4: Double-click the uploaded file; the result of the Twig template is shown in the Location field (the result of {{191*7}} is 1337).
Exploit and payload:
The exploit works the same way as in [CVE-2023-30179] Server-Side Template Injection.
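
A defensive check for the setting abused in the steps above, as an added example that is not part of the original advisory or of Craft CMS: it scans field settings for Twig tags and rates anything beyond a plain variable reference as high. The field dictionary layout, the `defaultUploadLocationSubpath` key name, the handles and the low/high rating are assumptions, and the sample data is constructed.

```python
import re

# Twig output tags {{ ... }} and statement tags {% ... %}
TWIG_TAG = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)
# A plain dotted variable reference such as object.slug
PLAIN_REF = re.compile(r"^[A-Za-z_]\w*(\.[A-Za-z_]\w*)*$")


def classify(value):
    """Return (severity, tag_text) for every Twig tag found in a setting value."""
    results = []
    for m in TWIG_TAG.finditer(value):
        if m.group(2) is not None:
            # Statement tags have no place in a folder path
            results.append(("high", m.group(0)))
            continue
        body = m.group(1).strip()
        # Anything beyond a bare variable reference is evaluated logic
        severity = "low" if PLAIN_REF.match(body) else "high"
        results.append((severity, m.group(0)))
    return results


def audit_fields(fields):
    """Walk field settings and report string values that contain Twig tags."""
    findings = []
    for field in fields:
        for key, value in field.get("settings", {}).items():
            if not isinstance(value, str):
                continue
            for severity, tag in classify(value):
                findings.append((field["handle"], key, severity, tag))
    return findings


# Constructed sample data; the dict layout and setting key names are assumptions
SAMPLE_FIELDS = [
    {"handle": "heroImage", "type": "Assets",
     "settings": {"defaultUploadLocationSubpath": "entries/{{ object.slug }}"}},
    {"handle": "attachment", "type": "Assets",
     "settings": {"defaultUploadLocationSubpath": "{{191*7}}"}},
    {"handle": "gallery", "type": "Assets",
     "settings": {"defaultUploadLocationSubpath": "gallery", "limit": 5}},
]

if __name__ == "__main__":
    for handle, key, severity, tag in audit_fields(SAMPLE_FIELDS):
        print(f"{severity:4} {handle}.{key}: {tag}")
```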