IIT Bombay Bodhitree- Malicious Code injection

2025.01.14
Risk: Medium
Local: Yes
Remote: Yes
CWE: N/A

# Exploit Title: IIT Bombay Bodhitree- Malicious Code Injection # Date: 30-12-2024 # Exploit Author: Koushal S Kedari # Vendor Homepage: https://cs101.bodhi.cse.iitb.ac.in/ # Version: cs101 # CVE: CVE-2024-48818 # Tested on: Ubuntu, Windows ------------------------------------------------------------------------------------------------------------------------------------------- This vulnerability exists in the IIT Bombay Bodhitree platform, allowing attackers to inject malicious code in the online code compiler. The exploit can lead to Remote Code Execution (RCE), system takeover, privilege escalation, and sensitive data exposure. The vulnerability arises from improper input validation and a lack of restrictions on user processes, enabling attackers to traverse directories and escalate privileges. ---> Affected Component: Code editor and compiler at `http://cs101.bodhi.cse.iitb.ac.in/assignments/editor/4` Steps to reproduce: 1) Login into cs101 account under Bodhitree. 2) Head to your course. 3) Once you have entered your course page, Navigate to Assignments. 4) Click on programing labs. 5) Choose your lab based on the language. 6) Go to live editor button. 7) Tailor a code that leads to directory traversal or RCE. 8) Execute the code and check the output below in the output box. "Suggested Mitigation strategy": To mitigate the risk of malicious code injection and system compromise, implement the following: - Use safe execution environments such as `chroot` or Docker containers to sandbox code execution. - Enforce strong input sanitization to ensure user-provided inputs are safe. - Use the principle of least privilege to restrict access to critical system resources. Suggested Implementation (Using `chroot`): - Set up a `chroot` jail to restrict code execution. - Copy only required executables and libraries into the jail. - Use `sudo chroot` to isolate the execution process from the rest of the system. ```python import os import shutil import subprocess def setup_chroot(jail_dir, executable_path): try: # Create chroot directory if not os.path.exists(jail_dir): os.makedirs(jail_dir) # Copy executable into jail executable_name = os.path.basename(executable_path) chroot_executable_path = os.path.join(jail_dir, executable_name) shutil.copy(executable_path, chroot_executable_path) # Set executable permissions os.chmod(chroot_executable_path, 0o755) except Exception as e: print(f"Error during setup: {e}") def execute_in_chroot(jail_dir, executable_name): try: subprocess.run(['sudo', 'chroot', jail_dir, f'./{executable_name}'], check=True) except subprocess.CalledProcessError as e: print(f"Execution failed: {e}") except Exception as e: print(f"Unexpected error: {e}") if __name__ == "__main__": jail_directory = "/tmp/chroot_jail" executable = "/bin/ls" setup_chroot(jail_directory, executable) execute_in_chroot(jail_directory, "ls")


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top