LiveHelperChat 4.28v is vulnerable to Server-Side Template Injection (SSTI).
Summary
LiveHelperChat 4.28v is vulnerable to Server-Side Template Injection (SSTI).
Details
The normal logic is that LiveHelperChat should filter the {{ and }} of the parameters. However, we found that the "search" parameter is not filtered in lhc_web/modules/lhfaq/faqweight.php, although it does use the strip_tags function to strip HTML and PHP tags from strings.
Proof of Concept (POC)
http://192.168.160.147/lhc_web/index.php/site_admin/?search={{123*123}}
Impact
An attacker with a low-privileged user account can exploit the Server-Side Template Injection (SSTI) vulnerability to attack the server.
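The gap described under Details, shown as an added example (not LiveHelperChat code, and not the project's actual fix): strip_tags removes markup but leaves template delimiters intact, so the filter has to handle braces itself and do so after tag stripping. The function names are hypothetical, the sample inputs are constructed, and the hardened filter assumes braces carry no meaning in a search term.

```php
<?php
// Added example: hypothetical helpers, not taken from LiveHelperChat.

/** What the advisory describes: tag stripping only. */
function filter_tags_only(string $value): string
{
    return strip_tags($value);
}

/**
 * Hardened variant (assumption: a search term never needs braces).
 * Tags are stripped first, then every brace character is removed.
 * Removing single characters, rather than the pairs "{{" and "}}",
 * means no leftover braces can join up into a delimiter afterwards.
 */
function filter_search(string $value): string
{
    $value = strip_tags($value);
    return str_replace(['{', '}'], '', $value);
}

/** True if the value still contains a template expression delimiter. */
function has_template_delimiter(string $value): bool
{
    return strpos($value, '{{') !== false || strpos($value, '}}') !== false;
}

// Constructed sample inputs.
$samples = [
    'plain'      => 'printer setup',
    'html'       => '<b>bold</b> text',
    'expression' => '{{123*123}}',
    // Delimiters separated by markup: tag stripping joins them back together.
    'mixed'      => '<i>{{</i>123*123<i>}}</i>',
];

foreach ($samples as $label => $input) {
    $weak = filter_tags_only($input);
    $hard = filter_search($input);
    printf(
        "%-10s tags-only: %-14s delimiter left: %-3s hardened: %-14s delimiter left: %s\n",
        $label,
        $weak,
        has_template_delimiter($weak) ? 'yes' : 'no',
        $hard,
        has_template_delimiter($hard) ? 'yes' : 'no'
    );
}
```

The same has_template_delimiter check can serve as a regression test for any parameter that reaches a template.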