PlaySMS index.php Unauthenticated Template Injection Code Execution

Posted by deepcore on April 7, 2020 – 2:53 pm

This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). The vulnerability is triggered when an attacker supplied username with a malicious payload is submitted. This malicious payload is then stored in a TPL template which when rendered a second time, results in code execution.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Pandora FMS Ping Authenticated Remote Code Execution pfSense 2.4.4-P3 User Manager Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

PlaySMS index.php Unauthenticated Template Injection Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL