what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Chris Wild

Maltrail 0.53 Unauthenticated Command Injection

Posted Aug 17, 2023

Authored by Ege Balci, Chris Wild | Site metasploit.com

Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username") parameter. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication. Successfully tested against Maltrail versions 0.52 and 0.53.

tags | exploit, web, arbitrary

SHA-256 | f42530359a3ac22211393c29f331afc963e4710bc19c82c302c697b368291bbc

Download | Favorite | View

Ubuntu OverlayFS Local Privilege Escalation

Posted May 31, 2021

Authored by Chris Wild, Sudhanshu Kumar, Rohit Verma

The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.

tags | exploit, paper, root, proof of concept

systems | linux, ubuntu

advisories | CVE-2021-3493

SHA-256 | 7380c1055909d23c493abb4f5067d3428e536c6a0041025856be420b9c8732fb

Download | Favorite | View