mbadanoiu / CVE-2022-40634

CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS

By inserting malicious content into an FTL template, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage objects exposed to FreeMarker to bypass restrictions and obtain RCE (Remote Code Execution).

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Resources:

Initial vulnerability (CVE-2020-25803) and blog post by Alvaro "pwntester" Munoz that inspired the SSTI research and the finding of this vulnerability.
