module
D-Tale RCE
| Disclosed | Created |
|---|---|
| 2025-02-05 | 2025-03-03 |
Disclosed
2025-02-05
Created
2025-03-03
Description
This exploit effectively serves as a bypass for CVE-2024-3408.
An attacker can override global state to enable custom filters, which then facilitates remote code execution.
Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the enable_custom_filters feature, typically restricted to trusted environments.
Once enabled, the /test-filter endpoint of the Custom Filters functionality can be exploited to execute arbitrary system commands.
An attacker can override global state to enable custom filters, which then facilitates remote code execution.
Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the enable_custom_filters feature, typically restricted to trusted environments.
Once enabled, the /test-filter endpoint of the Custom Filters functionality can be exploited to execute arbitrary system commands.
Authors
taiphung217
Takahiro Yokoyama
Takahiro Yokoyama
Platform
Linux
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.