You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
LiveHelperChat 4.28v has a vulnerability for Server-Side Template Injection (SSTI).
Details
The normal logic is that LiveHelperChat should filter the {{ and }} of the parameters.
However, we found that the "search" parameter is not filtered in lhc_web/modules/lhfaq/faqweight.php
Although it does use the strip_tags function to strip HTML and PHP tags from strings.
Summary
LiveHelperChat 4.28v has a vulnerability for Server-Side Template Injection (SSTI).
Details
The normal logic is that LiveHelperChat should filter the
{{and}}of the parameters.However, we found that the "search" parameter is not filtered in
lhc_web/modules/lhfaq/faqweight.phpAlthough it does use the strip_tags function to strip HTML and PHP tags from strings.
Proof of Concept (POC)
http://192.168.160.147/lhc_web/index.php/site_admin/?search={{123*123}}
Impact
An attacker with a low-permission user can exploit the server-side Template Injection (SSTI) vulnerability to attack a Server.
The text was updated successfully, but these errors were encountered: