Unauthenticated OS Command Injection in stamparm/maltrail in stamparm/maltrail
Feb 24th 2023
Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the
An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication.
Proof of Concept
curl 'http://hostname:8338/login' \ --data 'username=;`id > /tmp/bbq`'
Arbitrary command execution