Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22621 PoC — Strapi 注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22621.yaml
Associated Vulnerability
Title:Strapi 注入漏洞 (CVE-2023-22621)
Description:Strapi是一套开源的内容管理系统(CMS)。 Strapi 4.5.5之前版本存在安全漏洞,攻击者利用该漏洞可以将在服务器上执行代码的精心设计的有效载荷注入到电子邮件模板中,从而绕过本应阻止代码执行的验证检查。
Description
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.
File Snapshot

 id: CVE-2023-22621

info:
  name: Strapi Versions <=4.5.5 - SSTI to Remote Code Execution
  author: 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.