huntr / Briskets / BE3C5204-FBD9-448D-B97C-96A8D2941E87

Unauthenticated OS Command Injection in stamparm/maltrail

2023-02-24 18:01:35
briskets
www.huntr.dev

Description

Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.

Summary

The subprocess.check_output function in maltrail/core/http.py contains a command injection vulnerability in the params.get("username") parameter.

An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication.
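
The pattern described above, as an added example that is not Maltrail's code: a hypothetical audit helper that concatenates the username into a shell command, next to a version that validates the value and passes it as a single argv element without a shell. The function names, the echo command, the username policy and the sample input are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumed policy for this example: no leading '-', no shell metacharacters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.@-]{0,63}")

# Constructed, harmless input: ';' ends the first command for a shell.
SAMPLE = "alice; echo INJECTED"


def audit_vulnerable(username: str) -> str:
    """Anti-pattern: request data concatenated into a shell command line."""
    cmd = "echo login attempt for " + username
    return subprocess.check_output(cmd, shell=True, text=True)


def audit_argv(username: str) -> str:
    """No shell: the username is one argv element and is never parsed."""
    return subprocess.check_output(
        ["echo", "login attempt for", username], text=True
    )


def is_valid_username(username: str) -> bool:
    """Allowlist check applied before the value reaches any command.

    The leading-character rule also blocks option injection ('-n', '--x'),
    which an argv list alone does not prevent.
    """
    return USERNAME_RE.fullmatch(username) is not None


def audit_hardened(username: str) -> str:
    """Validate first, then run without a shell."""
    if not is_valid_username(username):
        raise ValueError("rejected username")
    return audit_argv(username)


if __name__ == "__main__":
    print(repr(audit_vulnerable(SAMPLE)))  # two lines: second command ran
    print(repr(audit_argv(SAMPLE)))        # one line: payload is literal text
    print(is_valid_username(SAMPLE))       # False
```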

Proof of Concept

curl 'http://hostname:8338/login' \
  --data 'username=;`id > /tmp/bbq`'