reNgine Command Injection Vulnerability

A command injection vulnerability has been identified in reNgine, an automated reconnaissance framework for web applications, specifically in version 2.2.0. The issue arises in the scan engine configuration, where users can inject malicious commands through the nmap_cmd parameter. This vulnerability allows attackers to execute arbitrary commands on the server, potentially leading to a full system compromise.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the potential to gain a shell and escalate privileges.

Reproduction

To reproduce this vulnerability, log into reNgine and navigate to the Scan Engine section. Edit any scan engine except for Osint, and modify the nmap_cmd parameter to include a payload that exploits the command injection vulnerability. After saving the changes, add a target and initiate a scan using the modified scan engine. The injected command will be executed on the server, and a shell can be obtained as a result.

Remediation

Users are advised to validate and sanitize user input, ensuring that only safe commands and arguments are allowed. Avoid using shell=True when executing commands with subprocess.Popen(), and instead use direct arguments. If user input must be included in a command, properly escape it to prevent special characters from being interpreted as command syntax. Where possible, use high-level libraries or APIs that provide the needed functionality without executing shell commands.