Command Injection

github.com/txthinking/brook is vulnerable to Command Injection. The vulnerability exists due to a lack of user request validation in the local tproxy service, which allows an attacker to inject and execute arbitrary commands...

Brook 操作系统命令注入漏洞

Brook is a cross-platform programmable web tool for individual developers of TxThinking. A security vulnerability exists in Brook. An attacker can exploit this vulnerability to trick a victim into visiting a malicious web page, which will trigger a request to the local "tproxy" service, leading t...