Command Injection in sofianehamlaoui/lockdoor-framework
May 3rd 2021
Command injection occurs because input passed to the package's os.system() calls is not sanitized. Because the package runs only as root, every system command it executes runs with root privileges, so any command injected through simple bash escapes in the input runs with elevated privileges.
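The pattern described above next to a hardened form, as an added example that is not code from lockdoor-framework. The function names, the `echo` stand-in for a launched tool and the sample input are assumptions; `subprocess.run(..., shell=True)` is used in place of os.system() only so the output can be captured, since both hand the string to /bin/sh.

```python
import re
import subprocess

# Hypothetical stand-in for a tool the framework would launch; echo keeps the demo harmless.
TOOL = "echo"

# Allowlist for a hostname or IPv4-style target: letters, digits, dots and hyphens,
# starting and ending with an alphanumeric (so a leading "-" cannot become an option).
TARGET_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample input containing a shell command separator.
CRAFTED = "example.com; echo INJECTED"


def run_vulnerable(target: str) -> str:
    """Reported pattern: user input concatenated into a shell command string.

    The shell parses ';', '&&', '|', '$()' and backticks inside `target`,
    so part of the input runs as a separate command (as root in the package).
    """
    proc = subprocess.run(f"{TOOL} scanning {target}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_argv_only(target: str) -> str:
    """No shell: the input is one argv element and stays literal data."""
    proc = subprocess.run([TOOL, "scanning", target],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def run_hardened(target: str) -> str:
    """Allowlist validation first, then an argv list with no shell."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return run_argv_only(target)


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(CRAFTED)))
    print("argv only :", repr(run_argv_only(CRAFTED)))
    try:
        run_hardened(CRAFTED)
    except ValueError as exc:
        print("hardened  :", exc)
```

Dropping root before launching external tools, or running only the steps that need it with elevated rights, limits what a missed injection point can reach.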
🕵️‍♂️ Proof of Concept
privilege escalation Command Injection