Summary
StrongShop v1.0 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability allows attackers to inject malicious code into templates executed on the server by the Laytpl engine.
Details
The vulnerability occurs in: resources/views/admin/shippingOptionConfig/index.blade.php.
Proof of Concept (POC)
http://192.168.0.10:1019/admin/shippingOptionConfig/index?shipping_option_id={{25*25}}
Impact
An attacker with administrator privileges can exploit the Server-Side Template Injection (SSTI) vulnerability to attack the server.
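
Detection
The following is an added example, not part of the original advisory or the StrongShop code base: a log check for the request shape shown in the proof of concept, flagging requests to this admin route whose shipping_option_id carries template delimiters, including percent-encoded and double-encoded forms. The function names, the integer-only rule for a valid id, and the access-log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Route and parameter come from the advisory's proof of concept.
ROUTE = "/admin/shippingOptionConfig/index"
PARAM = "shipping_option_id"
# Assumption: a legitimate id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# "{{" and "}}" delimit expressions in both Blade and Laytpl; "{!!" is Blade's raw echo.
TEMPLATE_MARKERS = ("{{", "}}", "{!!")
REQUEST = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE|HEAD) (\S+) HTTP/[0-9.]+"')

def classify(log_line):
    """Return 'ok', 'invalid' or 'template'; None if the line is not for ROUTE."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.rstrip("/") != ROUTE:
        return None
    verdict = "ok"
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decoded once; decode twice more to normalise nested encoding.
        value = unquote(unquote(raw))
        if any(marker in value for marker in TEMPLATE_MARKERS):
            return "template"
        if not VALID_ID.fullmatch(value):
            verdict = "invalid"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every request that is not clean."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := classify(line)) not in (None, "ok")]

# Constructed access-log lines (combined log format), for demonstration only.
PREFIX = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET '
SAMPLE_LOG = [PREFIX + path + ' HTTP/1.1" 200 5120' for path in (
    ROUTE + "?" + PARAM + "=3",
    ROUTE + "?" + PARAM + "={{25*25}}",
    ROUTE + "?" + PARAM + "=%7B%7B25*25%7D%7D",
    ROUTE + "?" + PARAM + "=%257B%257B25*25%257D%257D",
    ROUTE + "?" + PARAM + "=abc",
    "/admin/product/index?id=1",
)]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same integer-only rule, enforced in the controller before the value reaches the view, closes the injection point regardless of which template engine evaluates it.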