Handlebars.js 4.1.1 Server Side Template Injection exploitation – running system commands with a Node.js RCE when require() is not available?

I’m currently reading the following article and trying to exploit the vulnerability (Handlebars.js 4.1.1 Server Side Template Injection):

http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html

Sure enough, the proof of concept code works fine. Specifically, the final snippet from Matias works in my setup. However, after all those context changes, I no longer have access to the require keyword, and therefore I cannot do require('child_process').exec(), because it says require is not defined.

I tried looking for global variables in the current context which might help me, but found nothing.

I also considered copying the whole child_process library’s source code into my payload, but that’s not trivial, since the library uses other libraries and some specific variables, which are not initialized for me (primordials, for example).

In order to continue the assignment, I need to get a reverse shell on the target machine. How can I use the RCE to run system commands/get a reverse shell if I cannot use require()?

Professional template

Today we will offer you a free foreign blogger template that is very responsive, one of the most important features of this template is that it is very very fast and that characteristic is one of the most important factors of seo, and it is one of the most important factors that will make your topics appear in the early search results, which increases the number Visitors to the blog.
Mold Features:
A template compatible with all screens.
The template is free.
Beautiful arrangement…

Professional template

Add custom template ‘sub-page’ to Custom Post type?

I have a custom post type called ‘Inspections’

Doing this, you can access an inspection record by going to example.com/inspections/inspection-slug-here

However, I want to add some ‘sub-pages’ if you will:

/inspections/<inspection-slug-here>/sub-page1 /inspections/<inspection-slug-here>/sub-page2 

In this case, I would really like sub-page1 and sub-page2 to be templates that I can author in elementor, or something similar.

In a perfect scenario, I would like to pass the details of the parent (inspection-slug-here) to be loaded in this sub section so I can use custom fields or something of the likes.

Is there anything out there that does this? I am using elementor and an elementor templates tool, but cannot find any ways to do what i want.

Thanks!

Conditionally check if page is using template from plugin directory

I am having trouble loading the script conditionally in my plugin.

I have a DataTables page and want to load datatables scripts only for that page. So I made a page template called datatables-template.php and loading dynamically so can set the template in page attribute.

The template path is my-plugin/public/templates/datatables-template.php

So far so all is working fine. However, when I try to load script explicit fore that template using is_page_template()

When I have checked with get_page_template() that returning theme current page template which is page.php in my case.

Note: is_page working fine, of course, since it will check the current page, that would work. I have also checked my path using file_exists and that returns true. That means I am giving a correct path for the template. So no idea how to check it.

Additionally: I have tried with global $ template which returns the correct plugin template but that doesn’t work in conditional check in my plugin file.

global $  template;  if('datatables-template.php' == $  template){     //load script } 

Question: How can I check if the page has set the specific page template in page attributes, in my case datatables-template.php and load script explicit for that page?

Template Monster…your opinion ?

Hi Friends,

I was looking at the 100's of Templates on TM and was wondering 'how difficult is it' to work with them? (they have some very nice templates to choose from).

  • I've read some bad reviews about their WordPress themes…but what about their HTML sites…has anyone tried successfully to use their HTML Templates?
  • Anyone have an opinion on their products?

thanks very much!

Add custom admin menu item for pages using a certain template

I am looking to add a new, custom menu item to the WordPress admin sidebar that displays pages that use a certain template. For example: a group of pages uses the template called “Retailer Sendout” (page-retailer-sendout.php) would be displayed below the default “Pages” top-level menu item.

I have tried the following URL combinations, but none of them have worked so far.

  • http://domain.test/wp-admin/edit.php?post_type=page&page_template=page-retailer-sendout
  • http://domain.test/wp-admin/edit.php?post_type=pagetemplate=page-retailer-sendout
  • http://domain.test/wp-admin/edit.php?post_type=page&page_template=retailer_sendout

I have also tested some admin menu customization plugins, but they do not offer the ability to link to pages with a specific template name.

I am comfortable with adding a custom function to the theme’s functions.php file, but I do not know where to start.

Any help is greatly appreciated.

Change default template in the block editor (Gutenberg)

I want to change the default template for my pages to a template called fullwidthpage.php.

I have seen this question posted and answered for pre-Gutenberg WordPress, but I have not found a working answer for Gutenberg WordPress (version 5.3.2 at the time of this question).

This is the non-working answer I found. When I try the non-working answer the template is set to fullwidthpage.php but when I try to update the page I get a message that says “Updating failed.”

Why is client requesting error template

I’ve noticed in my logs that after a client requests a page from my WP website, there is a second request like this:

https://example.com/en/?wp_error_template=500&WB_REVISION=0.3.0%3BAvada%3D6.2.2%3Buser%3D0%3Boptions%3Df199a994ba0e1842b91c8060ffb02756%3Bnav%3Ddfba79fdd9d74597a719bc602975add4%3Bdeps%3D7b7e7a523eb133a733a7ebba5e1c1544%3Bcb21a705e60f14a0f97df136e58e762a

What is this second request for, and why is it happening?

Help: I would like to download a basic template for a hyperlink favs page

Hi this is a strange request.

Where can I download a premade single page of text hyper links?

Basically I would like to open this file each time and set it as my home page.

I have a lot of favorites, favs bar is too small. I would like a one pager.

If it has a cool background that would be even better.

Use archive template for CPT but not generate urls for posts items

I need to be able to use the archive template for a custom post type but also at the same time prevent URLs from being created for the “posts” that are created, and keep the posts publicly visible.

I created the proper archive template and that works just fine, also the slug for the archive works great, but when I go to set rewrite to false I get a 404 error on the archive page. So it appears that the method won’t do. I could always create a page and query the posts in a page template but I would prefer not to.

So is there a way to use the archive template but also keep WordPress from creating URLs for the “posts” I create.

Below is the code I’m using to generate the CPT.

    function cptui_register_my_cpts_multi_fam_prop() {      /**      * Post Type: Multi-Family Properties .      */      $  labels = array(         "name" => __( "Properties ", "custom-post-type-ui" ),         "singular_name" => __( "Property", "custom-post-type-ui" ),     );      $  args = array(         "label" => __( "Properties ", "custom-post-type-ui" ),         "labels" => $  labels,         "description" => "",         "public" => true,         "publicly_queryable" => true,         "show_ui" => true,         "delete_with_user" => false,         "show_in_rest" => true,         "rest_base" => "",         "rest_controller_class" => "WP_REST_Posts_Controller",         "has_archive" => "multi-family-management/properties",         "show_in_menu" => "mf-menu",         "show_in_nav_menus" => true,         "exclude_from_search" => true,         "capability_type" => "post",         "map_meta_cap" => true,         "hierarchical" => false,         "rewrite" => false,         "query_var" => true,         "supports" => array( "title", "editor", "thumbnail" ),     );      register_post_type( "multi_fam_prop", $  args ); }  add_action( 'init', 'cptui_register_my_cpts_multi_fam_prop' ); 

First time posting here, so school me up if I’m missing anything.