CVE-2024-22722 RCE via SSTI, automated with Python.# Form-Tools-3.1.1-RCE
CVE-2024-22722 RCE via SSTI Automation with Python.
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. This script automates the creation of a new form and group, and returns with a shell-like interface by modifying the Group Name and returning the executed command results.
[4.0K] /data/pocs/124e0faad0611e0fe77adcfda908f395692df679
├── [ 16K] exploit_final.py
└── [ 437] README.md
0 directories, 2 files