CVE-2018-14716 PoC — Craft CMS SEOmatic插件代码注入漏洞

Source

https://github.com/0xB455/CVE-2018-14716

Associated Vulnerability

Title:Craft CMS SEOmatic插件代码注入漏洞 (CVE-2018-14716)
Description:Craft CMS是一套为开发人员和内容管理人员提供的内容管理系统（CMS）。SEOmatic是其中的一个SEO（搜索引擎优化）插件。 Craft CMS的SEOmatic插件3.1.4之前版本中存在安全漏洞，该漏洞源于没有匹配任意元素的请求错误的生成了canonicalUrl。攻击者可利用该漏洞执行Twig代码。

Description

PoC for CVE-2018-14716

Readme

# CVE-2018-14716
**PoC for CVE-2018-14716**

## Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
- Date: 2018-07-20
- Software Link: https://github.com/nystudio107/craft-seomatic
- Exploit Author: Sebastian Kriesten (0xB455)
- Contact: https://twitter.com/0xB455
- CVE: CVE-2018-14716
- Category: webapps

File Snapshot


 [4.0K]  /data/pocs/6560e7972005addadaa287645d643563941e43f3
├── [1.6K]  exploit_cve-2018-14716.md
└── [ 336]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!