touhidshaikh (3)

Last Login: September 05, 2024
Assessments
1
Score
3

touhidshaikh's Latest (1) Contributions

2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

Description

This module exploits a pre-auth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. The issue is caused by double processing of a server-side template by the custom PHP template system called ‘TPL’, which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). When an attacker supplies a username containing a malicious payload and submits it, the payload is first processed by TPL and the value is saved in the current template; this value then goes through a second round of processing, which results in code execution.
The TPL (https://github.com/antonraharja/tpl) template language is vulnerable to PHP code injection.

Vulnerable Application

Available at SourceForge

Metasploit Exploit (Written By Me)

Available at GitHub PR

Exploit Video PoC

Available at YouTube video
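The double-processing flaw described in the assessment above can be modelled with a toy placeholder engine. This is an added example, not code from PlaySMS, TPL, or the contributor: the `{{name}}` syntax, the function names and all sample values are assumptions constructed for illustration, and disclosure of a server-side variable stands in for the code execution that the real second pass produces.

```python
import re

# Hypothetical placeholder syntax for this toy engine; not TPL's real grammar.
TAG = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render_once(template, variables):
    """Replace each {{name}} with its value. Unknown tags are left as-is,
    and substituted values are never re-scanned within this pass."""
    return TAG.sub(lambda m: str(variables.get(m.group(1), m.group(0))), template)

def render_double(template, user_vars, app_vars):
    """Flawed flow: user input is rendered into the template, the result is
    saved as template source, and that saved text is processed again."""
    saved = render_once(template, user_vars)   # pass 1: user text becomes template text
    return render_once(saved, app_vars)        # pass 2: tags from user text are interpreted

def render_single(template, user_vars, app_vars):
    """Hardened flow: one pass over the author-written template only, so
    user-supplied values stay data and are never parsed for tags."""
    merged = {**user_vars, **app_vars}         # server-side values win on name clashes
    return render_once(template, merged)

# Constructed sample data (not taken from PlaySMS).
TEMPLATE = "Login failed for {{username}}. Powered by {{site}}."
APP_VARS = {"site": "demo", "db_password": "s3cret-constructed"}
USER_VARS = {"username": "{{db_password}}"}    # user-controlled field carrying a tag

def demo():
    """Return (flawed_output, hardened_output) for the constructed sample."""
    return (render_double(TEMPLATE, USER_VARS, APP_VARS),
            render_single(TEMPLATE, USER_VARS, APP_VARS))

if __name__ == "__main__":
    flawed, hardened = demo()
    print("double pass :", flawed)
    print("single pass :", hardened)
```

The fix pattern to look for in review is that output containing user input is never fed back into the template compiler; escaping tag delimiters in user values before storage is a second layer, not a substitute.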