You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During the analysis of the software, it was observed that the fruitywifi <=v2.4 allows a malicious actor to perform a Remote Command Execution. The issues were found on the /scripts/config_iface.php due to improper handling of shell metacharacters which are a part of the "POST" Request. An authentication bad actor can exploit these issues by creating a malicious payload that will contain shell metacharacters in the io_mode of the "POST Request". This issue happens due to missing input validation in the requests which allows execution of the commands.
Steps To Reproduce
1.Log into the application with credentials.
2. Navigate to the following URL: https://<fruity_ip>:port/scripts/config_iface.php.
3. Intercept the request with proxy tools such as Burp Suite and then change request method to POST.
4. Now, add "io_mode"`" parameter in POST body and insert payload the following payload:
Issue Description
During the analysis of the software, it was observed that the fruitywifi <=v2.4 allows a malicious actor to perform a Remote Command Execution. The issues were found on the
/scripts/config_iface.phpdue to improper handling of shell metacharacters which are a part of the "POST" Request. An authentication bad actor can exploit these issues by creating a malicious payload that will contain shell metacharacters in theio_modeof the "POST Request". This issue happens due to missing input validation in the requests which allows execution of the commands.Steps To Reproduce
1.Log into the application with credentials.
2. Navigate to the following URL: https://<fruity_ip>:port/scripts/config_iface.php.
3. Intercept the request with proxy tools such as Burp Suite and then change request method to POST.
4. Now, add "io_mode"`" parameter in POST body and insert payload the following payload:
Note: In order to bypass, we need to satisfy the quotes then insert our payload.
The text was updated successfully, but these errors were encountered: