Lack of Input Sanitization leads to RCE in lirantal/daloradius
Valid
Reported on
Jan 4th 2023
Description
This vulnerability occurs because user-controlled input is not sanitized during the configuration update process. The input is later written to another .php file, which could lead to RCE.
Proof of Concept
1. Go to Config, then go to Mail Settings.
2. Change the From Email Address value to a malicious payload, e.g. ';phpinfo();$a='x
3. Go to config-mail.php or library/daloradius.conf.php to see the executed code.
Injected code in library/daloradius.conf.php
Executed code on config-mail.php
Executed code on library/daloradius.conf.php
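
The pattern described above, as an added example that is not taken from the report or from daloRADIUS: a config writer that pastes a value between quotes, next to one that validates the address and serialises it with var_export(). The function names, the MAIL_FROM key and the $config file layout are assumptions.

```php
<?php
// Added illustration, not daloRADIUS code; names, key and file layout are assumed.

// Vulnerable pattern: the raw value is pasted between single quotes.
function render_unsafe(array $settings): string {
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        $out .= "\$config['$key'] = '$value';\n";
    }
    return $out;
}

// Hardened pattern: validate the field, then let var_export() emit a PHP
// string literal with quotes and backslashes escaped.
function render_safe(array $settings): string {
    if (filter_var($settings['MAIL_FROM'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('MAIL_FROM is not a valid e-mail address');
    }
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        $out .= '$config[' . var_export((string) $key, true) . '] = '
              . var_export((string) $value, true) . ";\n";
    }
    return $out;
}

// Simple check on generated source: a file of plain string assignments has no
// bare identifier (T_STRING), so any such token means code got in.
function has_code_tokens(string $source): bool {
    foreach (token_get_all($source) as $token) {
        if (is_array($token) && $token[0] === T_STRING) {
            return true;
        }
    }
    return false;
}

$payload = "';phpinfo();\$a='x";            // value from the proof of concept
$unsafe  = render_unsafe(['MAIL_FROM' => $payload]);
echo $unsafe, 'code tokens: ', var_export(has_code_tokens($unsafe), true), "\n";
try {
    render_safe(['MAIL_FROM' => $payload]);  // fails validation
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// A valid address may itself contain a quote, so escaping is still required.
$safe = render_safe(['MAIL_FROM' => "o'brien@example.org"]);
echo $safe, 'code tokens: ', var_export(has_code_tokens($safe), true), "\n";
```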

Impact
An attacker can gain RCE and take over the server (read, modify, delete, and add files).
Occurrences
config_write.php#L62 has been validated
