Command Injection in sofianehamlaoui/lockdoor-framework

Valid

Reported on

Jun 9th 2021


✍️ Description

Unsanitized user input leads to command injection through the input of the Nasnum function in the infogathering.py script.

🕵️‍♂️ Proof of Concept

Payload:  ;id

💥 Impact

The command runs as root, so an attacker could do potential damage to the machine.
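
The pattern behind this class of bug next to a hardened form, as an added example that is neither lockdoor's code nor the merged fix: the tool name `nasnum-tool`, the function names and the target allowlist are hypothetical. The code only builds and parses command lines; nothing is executed.

```python
import re
import shlex

# Hypothetical stand-in for the external tool the script wraps.
TOOL = "nasnum-tool"

# Assumed allowlist: hostname or IPv4-style target, never starting with '-'
# (so the value cannot be read as an option by the tool).
TARGET_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def vulnerable_command(target):
    """Input concatenated into a string that a shell will interpret,
    e.g. via os.system() or subprocess with shell=True."""
    return TOOL + " " + target


def shell_commands(command_line):
    """Split a command line into the separate commands a POSIX shell
    would run when it meets ';' (simplified: only ';' is modelled)."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=";")
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ";":
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def safe_argv(target):
    """Hardened form: validate against the allowlist, then return an argv
    list for subprocess.run(argv) with no shell, so ';' has no meaning."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError("rejected target: %r" % target)
    return [TOOL, target]
```

With the payload from the proof of concept, `shell_commands(vulnerable_command(";id"))` yields two commands instead of one, while `safe_argv(";id")` raises before any process is started.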

x3rz submitted a
6 months ago
x3rz submitted a
6 months ago
Jamie Slome validated this vulnerability 6 months ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on d003c9 6 months ago
x3rz has been awarded the fix bounty