Code Injection in sofianehamlaoui/lockdoor-framework

Valid

Reported on

May 28th 2021

✍️ Description

Multiple Command injection in infogathering.py file due to lack of sanitization.

🕵️‍♂️ Proof of Concept

Payload : `id`

Video: https://drive.google.com/file/d/1uozVKKHL1LSMvFW7ehX3eIoxsWFLCes1/view?usp=sharing

💥 Impact

tools ask for root to run so every command injected will run as root which may cause potential damage.

Note: sanitize.py needs fix

x3rz submitted a
patch
2 years ago
Jamie Slome validated this vulnerability 2 years ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed with commit 77ee32 2 years ago
x3rz has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation