Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mbadanoiu/cve-2021-46361

CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS
https://github.com/mbadanoiu/cve-2021-46361

0-day authenticated bypass cve cve-2021-46361 cves remote-code-execution

Last synced: 2 days ago
JSON representation

CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS

Host: GitHub
URL: https://github.com/mbadanoiu/cve-2021-46361
Owner: mbadanoiu
Created: 2024-02-16T20:36:32.000Z (9 months ago)
Default Branch: main
Last Pushed: 2024-02-16T20:50:05.000Z (9 months ago)
Last Synced: 2024-02-17T13:38:14.597Z (9 months ago)
Topics: 0-day, authenticated, bypass, cve, cve-2021-46361, cves, remote-code-execution
Homepage:
Size: 2.27 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2021-46361: FreeMarker Restriction Bypass in Magnolia CMS

An issue in the FreeMarker Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory).

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-46361/blob/main/Magnolia%20CMS%20-%20CVE-2021-46361.pdf).

### Additional Resources:

The SSTI gadget used to escape the FreeMarker sandbox was inspired from this [article](https://www.synacktiv.com/publications/exploiting-cve-2021-25770-a-server-side-template-injection-in-youtrack) by [Vincent Herbulot of Synacktiv](https://www.synacktiv.com/en/our-team/pentest)