NatShell Debug File - Remote Code Execution

What is the "NatShell Debug File - Remote Code Execution?"

The "NatShell Debug File - Remote Code Execution" module is designed to detect a vulnerability in the NatShell debug file that allows for remote code execution. NatShell is a software that is targeted by this module. The severity of this vulnerability is classified as critical.

Impact

If exploited, this vulnerability can allow an attacker to execute arbitrary code remotely on the target system. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.

How the module works?

The module sends an HTTP POST request to the "/debug.php" path. It then applies two matching conditions to determine if the vulnerability exists:

- The module checks the response body for the presence of the string "toor:[x*]:0:0" using a regular expression matcher. If this string is found, it indicates a potential vulnerability. - The module also checks the response status code, expecting a 200 status. If the response status is 200, it further confirms the presence of the vulnerability.

If both matching conditions are met, the module reports the vulnerability, indicating the presence of the NatShell debug file remote code execution vulnerability.