TastyIgniter version 3.0.7 RCE
Today I am posting about a exploit I found with the Open Source software TastyIgniter. This affects version 3.0.7. This exploit allowed me a reverse connection from the server this application is hosted on back to my machine. Below will be the steps to reproduce this.
Step 1) you will need a staff account with manager level role or higher.
Step 2) Sign into the account and go to design > themes.
Step 3) Create a Child theme by going into one of the main themes and clicking “Create child theme” in the top right.
Step 4) Click edit on the child theme, then click “Edit template files” in the top right.
I used the Pages > Reviews PHP section to inject code into to get remote code.
Step 5) Make these changes to the PHP section and save.
Step 6) go to http://<your_server>/default/menus and click on review. You will see an error message pop up with www-data
Using the below code I was able to get a reverse connection back to my computer.
- @ August 14, 2021 7:12 am