Trickster Discussion [HTB] [HINTS]

download the .3mf and unzip, edit the file and zip it back to .3mf

Loading of a model file failed.

always the same error

what is the admin path
http://shop.trickster.htb/.git/refs/heads/admin_panel
??

try reading the index file

How do I send the request to changedetection so that it gives me the shell?

try using the fork poc

Did you find a solution?

I changed the IP in reverse_shell.php in ps_next_8_theme_malicious.zip and in exploit.html. I also modified the admin_panel location in exploit.html. Still, I’m facing this error.

hello, unfortunately I didn’t solve it

I only got this GET request to http://shop.trickster.htb/themes/next/reverse_shell.php: 200
@@ somebody help me pls

How many things did you change in the exploit?

I changed baseUrl, path, httpserverIP, httpServerPort in exploit.html. In exploit.py I changed the port in the subprocess command. And I replaced reverse_shell.php with my phppentestmonkey payload.

Regarding the CVE-2024-32651 (SSTI leading to RCE on changedetection), I’m the researcher who discovered the vulnerability. You can find all the information on this blog post: CVE-2024-32651 – Server Side Template Injection (Changedetection.io) – Hacktive Security Blog

Nice finding! Now your discovery is becoming popular, hundreds of people exploiting it 🙂

How can I disable the changedetection password?

go into settings and click remove password

Still not getting a shell back. My URL list is like yours but on port 8000, as the Python server defaults there. The notification title is something random and the notification body is your payload, but after triggering it successfully or sending test notifications, still no reverse shell back.

Anything else you may have done?

What do you see on the log page?

How do you find the password for changedetection? I’m currently logged in as james and found the docker IP.

You know the password. Just try what you have 😄