Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/blue0x1/flarum-fof-pretty-mail-command-injection
Exploit for a command injection vulnerability in the FoF Pretty Mail extension (version 1.1.2) for Flarum, a popular open-source forum software. The vulnerability arises due to the unsafe handling of user input in the email template feature of the extension.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/blue0x1/flarum-fof-pretty-mail-command-injection
- Owner: blue0x1
- Created: 2024-03-28T17:16:22.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-03-28T17:35:08.000Z (9 months ago)
- Last Synced: 2024-03-29T20:35:43.140Z (9 months ago)
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Flarum FoF Pretty Mail Command Injection
Exploit for a command injection vulnerability in the FoF Pretty Mail extension (version 1.1.2) for Flarum, a popular open-source forum software. The vulnerability arises due to the unsafe handling of user input in the email template feature of the extension.
An attacker with administrative access can exploit this vulnerability by injecting PHP code into the email template, leading to arbitrary command execution on the server. This could potentially compromise the security of the server and lead to unauthorized access or data exfiltration.

Usage:
1. Log in as an administrator on the Flarum forum.
2. Navigate to the FoF Pretty Mail extension settings.
3. Edit the email default template and insert one of the following payloads at the end of the template:
4. Save the changes to the email template.
5. Trigger any action that sends an email, such as user registration or password reset.
The recipient of the email will see the message "Take The Rose" followed by the output of the injected command (id or cat /etc/passwd) in the email content.
POC:
Editing the default email template
Payload:
```bash
```
![image](https://github.com/blue0x1/Flarum-FoF-Pretty-Mail-Command-Injection/assets/52697989/ca8e6852-7b30-43a0-bd3f-90e2d0898f24)
For example, trigger the forgot-password action to receive an email:
![image](https://github.com/blue0x1/Flarum-FoF-Pretty-Mail-Command-Injection/assets/52697989/787a4959-8c01-4f5b-869d-4a6a0f9ffcf4)
The email received:
![image](https://github.com/blue0x1/Flarum-FoF-Pretty-Mail-Command-Injection/assets/52697989/e2215324-2759-4d77-a672-3313bafc7a2e)
## Disclaimer:
This exploit is provided for educational purposes only. It is intended to promote awareness and improve the security of Flarum and its extensions. Use of this exploit for malicious purposes is strictly prohibited. Always ensure you have proper authorization before testing any system for vulnerabilities.