Snort Report Remote Command Execution Vulnerability in Nmap and NBTSCan Scripts

A remote command execution vulnerability has been identified in Snort Report versions prior to 1.3.2. The issue resides in the nmap.php and nbtscan.php scripts, which do not properly sanitize user input from the target GET parameter. This lack of input validation allows attackers to inject arbitrary shell commands. Exploitation of this vulnerability requires no authentication and could lead to a complete compromise of the underlying system.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where Snort Report is installed, potentially leading to a full system compromise.

Reproduction

To reproduce this vulnerability, send a GET request to the server with the target parameter set to a crafted payload. This payload should include base64-encoded commands that, when decoded and executed, could compromise the system. The response should be checked for indications that the commands were executed successfully.

Remediation

Users are advised to upgrade to Snort Report version 1.3.2 or later, where this vulnerability has been addressed.