Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30145 PoC — CamaleonCMS 代码注入漏洞

Source
https://github.com/paragbagul111/CVE-2023-30145
Associated Vulnerability
Title:CamaleonCMS 代码注入漏洞 (CVE-2023-30145)
Description:CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统(CMS)。 CamaleonCMS v2.7.0版本存在安全漏洞,该漏洞源于通过formats参数导致服务器端模板注入 (SSTI)。
Description
Camaleon CMS v2.7.0 contain a Server-Side Template  Injection (SSTI) vulnerability
Readme
<h2>Description:</h2>

 Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template
 Injection (SSTI) vulnerability via the formats parameter.
 
 <h3>Affected Component:</h3>
All versions that are below 2.7.0

<h3>Fixed version:</h3>
Fixed Versions: 2.7.4


<hr>
 
<br><h2>Step to reproduce :</h2>

<h3>Detection:</h3>

1.open below URL:https://target.com/admin/media/upload

2.upload any file and intercept request in formats parameter value add this payload and testi<%= 77 %>vuuvm in response it will return multiplication of 77 with below message "File format not allowed (dqopi49vuuvm)"


<h3>Exploitation: </h3>

3.After that for execute command add this payload testqopi<%= File.open('/etc/passwd').read %>fdtest


<hr>

![poc](https://github.com/paragbagul111/CVE-2023-30145./assets/68190427/6e8dbfee-f646-4e9a-a785-33d38f64951e)

<hr>
<h3>Attack Vector: </h3>
  
 
The attack vector for this vulnerability involves an attacker exploiting the unsanitized user input in the 'formats' parameter to inject malicious template directives, which can lead to Server-Side Template Injection (SSTI) attacks. The attacker can upload a file and intercept the request to modify the 'formats' parameter value with a payload that includes a template directive that executes arbitrary code. In this case, the attacker is using the 'dqopi<%= File.open('/etc/passwd').read %>fdfdsf' payload to read the contents of the '/etc/passwd' file on the server. This can allow the attacker to gain unauthorized access to sensitive information, and potentially take control of the server.

<h3>CVE Impact Other: </h3>
SSTI vulnerabilities are serious and can lead to a complete compromise of the application's data and functionality, and often of the server that is hosting the application. Attackers may also use the server as a platform for further attacks against other systems.

<hr>

<h3>Vendor of Product:</h3>

Camaleon CMS

<h3>Confirmed on: 9 March 2023</h3>

<h3>Vendor:</h3>
Camaleon-cms
https://github.com/owen2345/camaleon-cms

<h4>Discoverer:</h4>

Parag Bagul
File Snapshot

 [4.0K]  /data/pocs/e24ced92ae7e11409816a06233c8548e140141ee
├── [205K]  poc.png
├── [2.0K]  README.md
└── [116K]  sstiexploitation.png

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.