web-arena-x webarena Code Injection Vulnerability in HTMLContentEvaluator
Vulnerability
A critical code injection vulnerability has been identified in web-arena-x webarena versions through 0.2.0. The issue resides in the HTMLContentEvaluator function within the evaluators.py file. The target['url'] argument is passed to the eval() function for execution, so anyone who can manipulate that argument controls what is evaluated. This flaw allows remote attackers to execute arbitrary code, potentially leading to unauthorized actions such as deleting sensitive files or executing malicious commands.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where the application is running.
Reproduction
To reproduce this vulnerability, create a configuration that includes a target_url starting with 'func'. The URL can be crafted to include a payload that, when evaluated, executes arbitrary code. For example, a payload could be designed to use the 'os' module to execute system commands, such as removing files.
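One way to remove the eval() call while keeping 'func'-prefixed URLs working, shown as an added example that is not webarena's own code or its fix. It parses the expression with ast and accepts only a single call to an allowlisted helper with literal arguments. The "func:" separator, resolve_target_url, ALLOWED_HELPERS and latest_order_url are assumptions made for illustration.

```python
import ast


def latest_order_url(base: str) -> str:
    """Hypothetical helper standing in for a URL-producing project function."""
    return f"{base}/orders/latest"


# Only names listed here may be called from a config file (hypothetical allowlist).
ALLOWED_HELPERS = {"latest_order_url": latest_order_url}


def resolve_target_url(target_url: str, helpers=ALLOWED_HELPERS) -> str:
    """Resolve a config URL without eval(): allowlisted call, literal args only."""
    if not target_url.startswith("func"):
        return target_url  # plain URL, nothing to evaluate
    if not target_url.startswith("func:"):  # assumed format: "func:<expression>"
        raise ValueError("malformed func URL")
    expr = target_url[len("func:"):].strip()
    try:
        tree = ast.parse(expr, mode="eval")  # parse only, never execute
    except SyntaxError as exc:
        raise ValueError("unparsable func expression") from exc
    call = tree.body
    # Reject attribute access, subscripts, lambdas, etc.: must be name(...)
    if not (isinstance(call, ast.Call) and isinstance(call.func, ast.Name)):
        raise ValueError("expression must be one call to a named helper")
    if call.func.id not in helpers:
        raise ValueError(f"helper not allowlisted: {call.func.id}")
    # Arguments must be plain string/int literals, so nothing nested can run.
    literal = all(
        isinstance(a, ast.Constant) and isinstance(a.value, (str, int))
        for a in call.args
    )
    if call.keywords or not literal:
        raise ValueError("only positional literal arguments are accepted")
    return helpers[call.func.id](*(a.value for a in call.args))


if __name__ == "__main__":
    # Constructed sample config values.
    print(resolve_target_url("http://shop.example/cart"))
    print(resolve_target_url("func:latest_order_url('http://shop.example')"))
```

Running the same function over existing task configuration files before loading them flags any 'func' entry that depends on arbitrary evaluation.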
