| शीर्षक | A-G-U-P-T-A wireshark-mcp 400c3da70074f22f3cce7ccb65304cafc7089c89 Command Injection |
|---|
| विवरण | The quick_capture MCP tool accepts attacker-controlled interface input and interpolates it into a shell command string. The command is then executed using subprocess.Popen(..., shell=True). Because shell metacharacters are not neutralized, crafted interface payloads can break out of intended argument context and execute arbitrary OS commands. This behavior exceeds the documented function scope (packet capture by interface) and creates command execution risk in the server process context. |
|---|
| स्रोत | ⚠️ https://github.com/A-G-U-P-T-A/wireshark-mcp/issues/1 |
|---|
| उपयोगकर्ता | CPT_Penner (UID 97246) |
|---|
| सबमिशन | 18/04/2026 08:19 PM (2 महीनों पहले) |
|---|
| संयम | 04/05/2026 06:04 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360985 [A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|