Datart Server-Side Template Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A server-side template injection vulnerability has been identified in the Freemarker template engine of Datart version 1.0.0-rc.3. This vulnerability allows authenticated attackers to execute arbitrary code by injecting crafted Freemarker template syntax into the SQL script field. The issue arises because user input is directly concatenated into templates, enabling the execution of malicious payloads on the server.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where Datart is running.
Reproduction
To reproduce this vulnerability, log into the Datart application and navigate to a data source that allows SQL execution. Inject into the SQL script field a Freemarker payload that uses the template engine's capabilities to execute system commands. For example, a payload could be crafted to execute a command like 'whoami' and send the output to an external server.
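A hardening check for the situation described above, where the SQL script field is rendered as a Freemarker template. This is an added example, not Datart's code or its fix: it compares a default Freemarker Configuration with one whose class resolver refuses the ?new built-in. It assumes FreeMarker 2.3.31 or later on the classpath and Java 9+; the class name, the render helper, the sample script and the probe are constructed for illustration.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.StringWriter;
import java.util.Map;

public class SqlScriptTemplateCheck {
    // Hypothetical stand-in for the code path that renders the SQL script field.
    static String render(Configuration cfg, String script, Map<String, Object> vars)
            throws IOException, TemplateException {
        StringWriter out = new StringWriter();
        new Template("sql-script", script, cfg).process(vars, out);
        return out.toString();
    }

    static Configuration hardened() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Refuse every class name passed to ?new, so a template cannot instantiate Java classes.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // ?api is disabled by default; set it explicitly so a later change is visible in review.
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> vars = Map.of("table", "orders"); // constructed sample variable
        String normal = "SELECT * FROM ${table}";
        // Constructed, harmless probe: asks ?new for a plain string wrapper class.
        String probe = "SELECT '${\"freemarker.template.SimpleScalar\"?new(\"x\")}'";

        // Default settings: the class resolver for ?new is unrestricted.
        Configuration defaults = new Configuration(Configuration.VERSION_2_3_31);
        System.out.println("default  normal: " + render(defaults, normal, vars));
        System.out.println("default  probe : " + render(defaults, probe, vars));

        Configuration safe = hardened();
        System.out.println("hardened normal: " + render(safe, normal, vars));
        try {
            render(safe, probe, vars);
            System.out.println("hardened probe : rendered (unexpected)");
        } catch (TemplateException e) {
            System.out.println("hardened probe : rejected by class resolver");
        }
    }
}
```

Restricting the resolver narrows what a template can reach on the server; it does not change the fact that user input is being evaluated as template source.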
