
MAGNOLIA-8281: FreeMarker Restriction Bypass 2 in Magnolia CMS


mbadanoiu/MAGNOLIA-8281


An issue in the FreeMarker Filter of Magnolia CMS v6.2.16 and below allows attackers to bypass security restrictions and read/write/move/copy/delete arbitrary files via a crafted FreeMarker payload. Arbitrary code execution was successfully achieved via writing arbitrary JSP files.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither I nor the vendor requested a CVE for these vulnerabilities.

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Additional Resources:

The JSP code used to execute arbitrary system commands can be found here.