Fix wording
tedmdelacruz committed Feb 19, 2024
1 parent 37666d8 commit 77d7bc9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion content/posts/strapi-rce-writeup.md
@@ -79,7 +79,7 @@ This exploit runs when a confirmation email is sent, so an API call that registe
$ curl -vvv -X POST -H 'Content-Type: application/json' -d '{"email":"[email protected]", "username":"rcetrigger1", "password": "Test1234!"}' https://strapi.[redacted].com/auth/local/register/
```

Upon execution of the cURL command, Strapi attempts to validate the email template. The exploit then takes advantage of a template validation bypass and unintentionally runs the reverse shell payload via `node`. The reverse shell then creates a TCP connection to my attacker server, which spawns a `bash` session.
Upon execution of the cURL command, Strapi attempts to validate the email template. The exploit then takes advantage of a template validation bypass runs the reverse shell payload via `node`. The reverse shell then creates a TCP connection to my attacker server, which spawns a `bash` session.

Now the attacker machine has logged in to the server as `root`, **giving me total control of the server**:
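
Review bot: The new version of the "Upon execution of the cURL command" paragraph drops the conjunction along with "unintentionally", so the second sentence now reads "takes advantage of a template validation bypass runs the reverse shell payload", which is ungrammatical. Restoring the "and" ("...a template validation bypass and runs the reverse shell payload via `node`") keeps the intended wording fix. Separately, the unchanged context line says the attacker machine "has logged in to the server as `root`"; since the preceding sentence describes the server connecting out to the attacker host, "now has a shell on the server as `root`" would describe the direction of the connection more accurately.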
