zhangyd-c OneBlog Server-Side Template Injection Vulnerability in FreeMarker Templates
Vulnerability
A Server-Side Template Injection (SSTI) vulnerability has been identified in zhangyd-c OneBlog versions prior to 2.3.9. The issue is in the 'template2String' function in 'FreeMarkerUtil.java' and can be exploited remotely by injecting malicious FreeMarker template code.
Impact
Exploitation of this vulnerability allows for Server-Side Template Injection, where an attacker can execute arbitrary code on the server by injecting malicious FreeMarker template syntax that is processed by the application.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the 'Website Management' section, then select 'Template Management'. Edit the 'TM_ROBOTS' template and insert the attack payload, which exploits the FreeMarker template processing. After saving the template, the injected code is executed when the 'robots.txt' file is requested from the server, and the response reflects the output of the injected FreeMarker code.
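For defenders reviewing code that renders administrator-editable template text such as 'TM_ROBOTS', the following is an added example of a restricted FreeMarker configuration; it is not OneBlog's code or its 2.3.9 fix. The class and method names are hypothetical, and it assumes FreeMarker 2.3.31 or later and Java 9 or later.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import freemarker.template.TemplateExceptionHandler;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;

// Hypothetical helper for illustration; not OneBlog's FreeMarkerUtil.
public final class RestrictedFreeMarkerRenderer {

    private static final Configuration CFG = buildConfiguration();

    private static Configuration buildConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setDefaultEncoding("UTF-8");
        // Refuse every class name passed to the ?new built-in, so template
        // text cannot instantiate classes from the application classpath.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // Keep the ?api built-in off (the default) so templates cannot reach
        // the Java API of objects placed in the data model.
        cfg.setAPIBuiltinEnabled(false);
        // Fail the render instead of writing error details into the response.
        cfg.setTemplateExceptionHandler(TemplateExceptionHandler.RETHROW_HANDLER);
        cfg.setLogTemplateExceptions(false);
        return cfg;
    }

    // Renders template text supplied at runtime with the restricted settings.
    public static String render(String name, String templateText, Map<String, Object> model)
            throws IOException, TemplateException {
        Template template = new Template(name, new StringReader(templateText), CFG);
        StringWriter out = new StringWriter();
        template.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a benign robots.txt template and model.
        String text = "User-agent: *\nSitemap: ${siteUrl}/sitemap.xml\n";
        System.out.print(render("robots", text, Map.of("siteUrl", "https://blog.example")));
    }
}
```

Public methods of objects placed in the data model remain callable from the template, so pass only plain values such as strings and numbers when the template text is user-editable.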
