![]() ![]() Many applications allow users to modify templates and given that Smarty clearly states that it has a sandbox it’s likley that this functionality will be exposed as intended by developers. We have to assume an environment in which a template injection could occur. Smarty also has security features that can further enforce granular restrictions on templates. Smarty insulates the templates from PHP, creating a controlled separation of presentation from business logic. SANDBOXING: When PHP is mixed with templates, there are no restrictions on what type of logic can be injected into a template. Why is seperating PHP from templates important? syntax easy to understand, no PHP knowledge required.fast development/deployment for programmers and designers. ![]() clean separation of presentation from application code.The Smarty design was largely driven by these goals: This implies that PHP code is application logic, and is separated from the presentation. Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. ![]() The following text is taken directly from the Smarty website: What is Smarty? This vulnerability targets the compilation engine and is unmitigated in versions 3.1.38 and below (even with a hardended sandbox using undocumented features). Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection This vulnerability targets an exposed and instantiated Smarty instance and is partially mitigated by using undocumented sandbox hardening features. template_object Sandbox Escape PHP Code Injection The discovered vulnerabilities impact the Smarty Template Engine <= 3.1.38:ġ. Then we explore how these vulnerabilities can be applyed to some applications that attempt to use the engine in a secure way. In this blog post we explore two different sandbox escape vulnerabilities discovered in the Smarty Template Engine that can be leveraged by a context dependant attacker to execute arbitrary code. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |