Giters

mbadanoiu / CVE-2022-25813

CVE-2022-25813: FreeMarker Server-Side Template Injection in Apache OfBiz

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

0-daycvecvesserver-side-template-injectioncve-2022-25813remote-code-executionuser-interaction

CVE-2022-25813: FreeMarker Server-Side Template Injection in Apache OfBiz

By inserting malicious content in a message’s “Subject” field, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution).

Note: Although this vulnerability requires a valid user’s interaction to trigger the SSTI, the malicious payload can be sent by any unauthenticated attacker that creates an e-commerce account.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Registering a new user or valid user credentials
  • User interaction of a administrative user

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Resources:

Initial vulnerability GHSL-2020-070 and blogpost by Alvaro "pwntester" Munoz that inspired the SSTI research and finding of this vulnerability.

About

CVE-2022-25813: FreeMarker Server-Side Template Injection in Apache OfBiz

0-daycvecvesserver-side-template-injectioncve-2022-25813remote-code-executionuser-interaction