Developer finds and fixes unauthenticated RCE chain in his own open-source port scanner
A developer discovered a critical remote code execution vulnerability chain in his own Nmap-based port scanner project, built with a FastAPI backend and React frontend. The exploit combined four weaknesses: no authentication on any route, unsanitized target input passed directly to Nmap allowing flag injection, an upload feature that automatically added scripts to its own execution allowlist, and an XXE flaw in XML parsing of Nmap output. Together, these flaws allowed an unauthenticated attacker to write and execute arbitrary code on the server without any credentials. The developer has since patched the project by adding API key authentication, input validation to reject flag-shaped values, removing script self-authorization, and replacing the standard XML parser with defusedxml. The hardened repository has been made publicly available on GitHub as a reference for others building similar tools.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in