Access Control: Malwared BYOB - Unauthenticated Remote Code Execution¶
Identifier:
malwared_byob_rce
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Malwared BYOB allows unauthenticated remote code execution, potentially giving attackers full control over the server.
How we test: We test for unauthenticated remote code execution vulnerabilities in Malwared BYOB by injecting malicious payloads and analyzing responses to detect if arbitrary code can be executed without authentication.
Reference:
- https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
- https://github.com/chebuya/exploits/tree/main/BYOB-RCE
- https://github.com/malwaredllc/byob
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.