Command Injection in sofianehamlaoui/lockdoor-framework

Valid

Reported on

Jun 9th 2021


✍️ Description

Unsanitized user input passed to the Nasnum function in the infogathering.py script leads to command injection.

🕵️‍♂️ Proof of Concept

Payload:  ;id

💥 Impact

The command runs as root, so an attacker could do potential damage to the machine.
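
The pattern described above beside a hardened form, as an added example: it is not the project's code and not the fix in commit d003c9. `echo` stands in for the external tool, the function names are hypothetical, and the input is assumed to be a host name or IP address.

```python
import ipaddress
import re
import subprocess

# Assumptions: "echo" stands in for the external tool the script launches, and
# the expected input is a host name or IP address. All names are hypothetical.
TOOL = "echo"
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def run_unsafe(target: str) -> str:
    """Vulnerable pattern: input is concatenated into a string that /bin/sh parses."""
    done = subprocess.run(f"{TOOL} {target}", shell=True,
                          capture_output=True, text=True)
    return done.stdout


def validate_target(target: str) -> str:
    """Allow-list check: accept an IP address or a DNS host name, nothing else."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def run_safe(target: str) -> str:
    """Hardened pattern: validate, then pass an argv list so no shell is involved."""
    done = subprocess.run([TOOL, validate_target(target)],
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    payload = ";id"  # the payload from the report
    print("unsafe:", run_unsafe(payload).split())   # the shell also runs `id`
    print("safe  :", run_safe("10.0.0.5").strip())  # constructed sample target
    try:
        run_safe(payload)
    except ValueError as err:
        print("safe  :", err)
```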

x3rz submitted a
2 years ago
Jamie Slome validated this vulnerability 2 years ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed with commit d003c9 2 years ago
x3rz has been awarded the fix bounty
This vulnerability will not receive a CVE