Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE

MailDev 2.1.0 RCE Exploit

Tested against the latest version as of 06/02/2024

The exploit is designed to be universal and works for versions >= 2.x.x.

This exploits a vulnerability in the MailDev application (https://github.com/maildev/maildev) and allows unauthenticated remote code execution.

The exploit is based on an issue found by @stypr.
The root cause of this issue can be found at maildev/maildev#467.

Setup vulnerable environment

docker run -p 1080:1080 -p 1025:1025 maildev/maildev
python3 exploit.py

Restart the Docker container to reflect the new routing config.

Find the shell at:

Example:

References:

For legal testing purposes only. Use at your own risk. I take no liability for damages.
