Code Injection in namelessmc/nameless


Reported on

Aug 23rd 2021

✍️ Description

Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper input/output data validation. is vulnerable to code injection as shown below:

🕵️‍♂️ Proof of Concept

Vulnerable resource: Nameless/modules/Core/pages/panel/emails.php
Vulnerable variable: $_POST['port']
Perform the following actions with an admin account:

  1. Visit http://localhost/Nameless-2/index.php?route=/panel/core/emails/.
  2. Insert data on the fields. Insert 123); phpinfo();/* in the port field.
  3. Visit http://localhost/Nameless-2/core/email.php and observe the phpinfo is executed.

This vulnerability allows RCE on the server.

💥 Impact

Impact could cover loss of confidentiality, loss of integrity, loss of availability, and/or loss of accountability

We have contacted a member of the namelessmc/nameless team and are waiting to hear back 2 years ago
Sam validated this vulnerability 2 years ago
hitisec has been awarded the disclosure bounty
The fix bounty is now up for grabs
Sam marked this as fixed with commit a07f9d 2 years ago
Sam has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation