CVE-2023-50094 Scanner
CVE-2023-50094 Scanner - OS Command Injection vulnerability in reNgine
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 weeks 1 hour
Scan only one: Domain, IPv4
Toolbox: -
reNgine is an open-source, automated reconnaissance framework widely used by penetration testers and security researchers. It is particularly valued for its streamlined approach to information gathering and vulnerability detection during security assessments. The software supports advanced scanning techniques and is often deployed in scenarios where organizations need in-depth network reconnaissance.
The vulnerability checked by this scanner is an OS Command Injection flaw that affects reNgine versions 2.1.2 and earlier. This flaw allows adversaries with a valid session ID to inject arbitrary commands into the system. The commands execute with root privileges, posing a high risk to system integrity and confidentiality.
The vulnerability occurs in the API endpoint `/api/tools/waf_detector/?url=`, where the user-supplied `url` value is passed, without sanitization, to `subprocess.check_output`. Attackers can exploit this flaw by crafting a payload containing shell metacharacters to execute arbitrary commands. The weakness is categorized under CWE-78: Improper Neutralization of Special Elements used in an OS Command.
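To make the defect class concrete, the following is an added illustration of the CWE-78 shape described above and of its hardened counterpart. It is not reNgine's own code: the `waf-tool` binary name is a placeholder for whatever external scanner the endpoint wraps, and the URL allowlist is an assumption chosen to match the scanner's stated targets (a domain or IPv4 host). The fix that matters is passing an argv list with `shell=False`, so the URL is delivered to the tool as a single argument and never interpreted by a shell; the allowlist is defence in depth on top of that.

```python
import re
import subprocess
from urllib.parse import urlsplit

# Placeholder name for the external scanner the endpoint wraps (assumption,
# not reNgine's actual tool name).
WAF_TOOL = "waf-tool"

# Allowlist for the ?url= parameter: http(s), a host made of letters, digits,
# dots and hyphens, an optional port and an optional simple path. Anything
# else, including shell metacharacters, query strings and fragments, is
# rejected before a process is ever spawned.
_URL_ALLOWLIST = re.compile(
    r"https?://"
    r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?"
    r"(?::\d{1,5})?"
    r"(?:/[A-Za-z0-9._~/-]*)?"
)


def vulnerable_waf_detector(url: str) -> str:
    """The CWE-78 shape described on the page (illustrative, not reNgine's code).

    The user-controlled URL is interpolated into one command string and handed
    to the shell, so metacharacters in it are parsed as shell syntax rather
    than delivered to the tool as part of its argument.
    """
    command = f"{WAF_TOOL} {url}"
    return subprocess.check_output(command, shell=True, text=True)


def validate_target_url(url: str) -> bool:
    """Return True only for URLs that match the conservative allowlist."""
    if not _URL_ALLOWLIST.fullmatch(url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def build_safe_argv(url: str) -> list:
    """Validate the URL and build an argv list: no shell, one argument per item."""
    if not validate_target_url(url):
        raise ValueError("rejected target URL")
    return [WAF_TOOL, url]


def hardened_waf_detector(url: str, timeout: int = 60) -> str:
    """Hardened form: argv list, shell=False, and a timeout so a hung scan
    cannot tie up a worker indefinitely."""
    argv = build_safe_argv(url)
    return subprocess.check_output(argv, shell=False, text=True, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample inputs; the scanner binary is not actually invoked here.
    for sample in ("https://example.com", "http://203.0.113.10/login",
                   "http://example.com;foo", "file:///etc/hosts"):
        try:
            print(sample, "->", build_safe_argv(sample))
        except ValueError as exc:
            print(sample, "->", exc)
```

When auditing a codebase for this pattern, the signal to look for is any `subprocess.*` call with `shell=True` whose command string is built from request data; the hardened form above is also the one that is easy to unit-test, because `build_safe_argv` can be checked without spawning anything.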
If exploited, this vulnerability can result in complete system compromise, unauthorized data access, and disruption of services. Since commands execute as root, attackers could potentially pivot further into the network or exfiltrate sensitive data. The exploit also significantly increases the likelihood of lateral movement within the system.