New Mirai Version Adds WebSVN Command Injection to Its Arsenal

silversurfer

  • Latest Mirai variant features an exploit for unpatched versions of WebSVN.
  • Mirai nests in the target system by using a published exploit and turns it into a part of its DDoS swarm.
  • The malware can accept commands remotely, using a custom text-based TCP protocol for the communications.

If you haven’t patched CVE-2021-32305 yet, you are currently running the risk of being compromised by the Mirai DDoS malware. The particular vulnerability was discovered and patched in May 2021 and affects the WebSVN Subversion repository browser.

At the start of June 2021, a proof of concept exploit was released to the public, and by the end of the month, attacks were already exploiting the flaw. Mirai’s authors are always ready to update their botnet with new exploits, and they have already incorporated the fresh flaw that remains unaddressed in a significant number of deployments.

The WebSVN versions that are vulnerable to exploitation include everything prior to 2.6.1. The problem lies in the possibility of achieving code execution by including special characters in the search query sent to the PHP backend. Because older WebSVN versions don’t sanitize the user input before concatenating it to the other command arguments, an attacker may sneak in command arguments and execute them on the target.
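
The concatenation flaw described above, reduced to a minimal Python sketch with the unsafe pattern beside two hardened forms. This is an added example, not WebSVN's PHP code and not part of the original post; the stand-in tool, the function names and the crafted input are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Hypothetical stand-in for the external tool a repository browser would call:
# it only prints the argument list it received.
SHOW_ARGS = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Constructed search string containing shell metacharacters; the injected
# command is a harmless echo marker.
CRAFTED = 'foo"; echo INJECTED; echo "'


def _sh(command: str) -> str:
    """Run a command line through /bin/sh and return its stdout."""
    return subprocess.run(command, shell=True, capture_output=True,
                          text=True, check=True).stdout


def search_concatenated(query: str) -> str:
    """Vulnerable pattern: raw input concatenated into a shell command string."""
    return _sh(shlex.join(SHOW_ARGS) + f' --search "{query}"')


def search_quoted(query: str) -> str:
    """Shell string kept, but the input is quoted as one literal word."""
    return _sh(shlex.join(SHOW_ARGS) + " --search " + shlex.quote(query))


def search_argv(query: str) -> str:
    """No shell at all: the input is passed as one element of the argv list."""
    return subprocess.run(SHOW_ARGS + ["--search", query],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for fn in (search_concatenated, search_quoted, search_argv):
        print(f"{fn.__name__}:\n{fn(CRAFTED)}")
```

With the concatenated form the tool receives only `foo` and the shell runs the extra `echo` as a separate command; with either hardened form the whole string arrives as a single search argument.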
 
