Craft CMS allows users to upload files via its Asset field. However, its storage feature, known as a volume, can be configured to point to any directory. This ability can be exploited to upload a Twig template to the templates directory. By pointing a route to the uploaded malicious Twig template, we get a successful Server-Side Template Injection. Using filters, we can get out of the Twig sandbox and get Arbitrary Code Execution.
This bug in Flattr was a low-impact Open Redirect that allowed an attacker to redirect the victim after authorizing Twitter.

PoC

Timeline
Found vulnerability – 5th June, 2020
Made contact with Flattr – 5th June, 2020
Reported vulnerability – 9th June, 2020
Bug fixed – 11th June, 2020

Reference
https://cwe.mitre.org/data/definitions/601.html