Code Injection in SofianeHamlaoui/Lockdoor-Framework

Valid
Reported on May 28th 2021

✍️ Description

Multiple command injection vulnerabilities in the infogathering.py file due to lack of input sanitization.

🕵️‍♂️ Proof of Concept

Payload: `id`

Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing

💥 Impact

The tools ask for root to run, so every injected command will run as root, which may cause potential damage.

Note: sanitize.py needs a fix.
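One way to close this class of bug, as an added example that is not Lockdoor's own code: validate the target against an allowlist and pass it to the tool as a single argv element, so no shell ever parses it. The report does not show the code of infogathering.py or sanitize.py, so it is assumed here that user input reaches a shell command string; `validate_target`, `run_tool`, `echo_argument` and `STAND_IN` are hypothetical names.

```python
import ipaddress
import re
import subprocess
import sys

# Hostname labels may hold only letters, digits and inner hyphens, so
# backticks, spaces, semicolons and leading dashes can never pass.
_HOST_RE = re.compile(
    r"(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\Z"
)

# Stand-in for an external tool (assumption): prints its last argument.
STAND_IN = [sys.executable, "-c", "import sys; print(sys.argv[-1])"]


def validate_target(value):
    """Return value if it is an IP address or hostname, else raise ValueError."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _HOST_RE.match(value):
        return value
    raise ValueError("rejected target: %r" % (value,))


def run_tool(argv_prefix, target):
    """Validate the target, then run the tool without a shell (shell=False)."""
    argv = list(argv_prefix) + [validate_target(target)]
    done = subprocess.run(argv, capture_output=True, text=True,
                          check=True, timeout=30)
    return done.stdout


def echo_argument(raw):
    """Skip validation on purpose: show that an argv element is never
    shell-expanded, so the backticks reach the child process as plain text."""
    done = subprocess.run(STAND_IN + [raw], capture_output=True, text=True,
                          check=True, timeout=30)
    return done.stdout.strip()


if __name__ == "__main__":
    print(echo_argument("`id`"))             # constructed input: the report's payload
    print(run_tool(STAND_IN, "192.0.2.10"))  # constructed input: documentation IP
```

Because the tools run as root, both layers matter: the allowlist rejects the payload early, and the argv-list call keeps any input that slips through from being interpreted as a command.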