Novel Exploit - SSTI to RCE in playSMS (CVE-2024-8880)

Novel Exploit - SSTI to RCE in playSMS (CVE-2024-8880)

OS

2024.1.*
2020.3.*
2019.4.*

Apps

P
PlaysmsPlaysms
0.9.5.3.*
0.9.5.2.*
0.9.5.1.*
0.9.9.2.RC
0.9.9.2.BETA1
0.9.9.2.BETA6
0.9.9.2.-
0.9.9.2.BETA3
0.9.9.2.BETA4
0.9.9.2.BETA5

Screenshots from the blog posts

images/cm169pnop00h51hoh45jkcfm1.pngimages/cm169pnop00h51hoh45jkcfm1.png

Summary

In this post, we will be understanding the SSTI exploit against playSMS leading to RCE. We will understand how to use the exploit to target vulnerable instances and also understand the inner working of the script.

general

Description

@secatgourity

185 posts

Total vcoins

120.8K

Social media links

Comments (0)