CVE-2023-43364


At the time of writing, CVE-2023-43364 is in the reserved state.

A vulnerability classified as problematic was found in Searchor up to 2.4.1. It affects the function eval in the file src/searchor/main.py of the CLI component. It is known to affect confidentiality, integrity, and availability. The weakness was disclosed 09/26/2023. The advisory is shared at github.com. This vulnerability has been known as CVE-2023-43364 since 09/18/2023. Technical details are known, but no exploit is available.

Exploit


The vulnerability is present in the main.py file of Searchor version 2.4.0.

  • The search function block contains the url variable, which uses the eval function to dynamically construct a URL based on user input that’s stored in the query variable
  • The problem is that there is no input sanitization of any kind: the user input variable, query, is passed directly to the eval function via an f-string or string literal
  • This essentially allows injection of arbitrary Python commands
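
A static check for the pattern described above, as an added example that is not part of the original notes or Searchor's own code: it uses Python's ast module to flag eval()/exec() calls whose argument is built at runtime, such as an f-string that interpolates query. The SAMPLE source, its function names and the Engine lookup are constructed for illustration.

```python
import ast

# Constructed sample source (not Searchor's real code): one eval() fed by an
# f-string that interpolates caller-supplied values, one plain enum lookup,
# and one eval() of a constant that should not be reported.
SAMPLE = '''
def search_unsafe(engine, query):
    return eval(f"Engine.{engine}.search('{query}')")

def search_safe(engine, query):
    return Engine[engine].search(query)

def constant_eval():
    return eval("1 + 1")
'''

DANGEROUS = {"eval", "exec"}


def _is_dynamic(node):
    """True if the expression is built at runtime rather than a literal."""
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.JoinedStr):  # f-string
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    return True  # names, concatenation, .format(), % formatting, calls


def find_dynamic_eval(source):
    """Return (line, callee, interpolated names) for each eval/exec call
    whose first argument is not a constant."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        if node.func.id not in DANGEROUS or not node.args:
            continue
        arg = node.args[0]
        if _is_dynamic(arg):
            names = sorted({n.id for n in ast.walk(arg) if isinstance(n, ast.Name)})
            findings.append((node.lineno, node.func.id, names))
    return findings


if __name__ == "__main__":
    for line, func, names in find_dynamic_eval(SAMPLE):
        print(f"line {line}: {func}() on dynamic input {names}")
```

The check only matches direct calls to the names eval and exec; aliased or indirectly referenced calls need a fuller data-flow tool.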

Script


Additionally, there are many PoC exploits available online.