关联漏洞
标题:
Crafter CMS 安全漏洞
(CVE-2022-40634)
描述:Crafter CMS是一套面向数字体验应用程序的开源内容管理系统(CMS)。 Crafter CMS Crafter Studio 3.1.23 之前版本存在安全漏洞,该漏洞源于的动态管理代码资源控制不当,允许经过身份验证的开发人员通过 FreeMarker SSTI 执行操作系统命令。
描述
CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
介绍
# CVE-2022-40634: FreeMarker Server-Side Template Injection in CrafterCMS
By inserting malicious content in a FTL template, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution).
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022091301).
### Requirements:
This vulnerability requires:
<br/>
- Valid user credentials
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-40634/blob/main/CrafterCMS%20-%20CVE-2022-40634.pdf).
### Additional Resources:
Initial [vulnerability (CVE-2020-25803)](https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102) and [blogpost](https://securitylab.github.com/advisories/GHSL-2020-042-crafter_cms/) by [Alvaro "pwntester" Munoz](https://github.com/pwntester) that inspired the SSTI research and finding of this vulnerability.
文件快照
[4.0K] /data/pocs/b0ed6d9fc9f15c6598cea0a4dbd3c05c1214ded7
├── [2.0M] CrafterCMS - CVE-2022-40634.pdf
└── [1.1K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。