This advisory details multiple vulnerabilities in Shadowsocks, including log file manipulation via crafted hostnames, command execution through unsanitized input in autoban.py, and weak key derivation using MD5. It provides technical analysis, proof-of-concept payloads, and mitigation recommendations.
Classification
Writeup 100%
Attack Type
RCE | Info Leak | Auth Bypass
Target:
Shadowsocks (latest commit 2ab8c6b on Sep 6, 2017)
No auth needed
Prerequisites:
Network access to Shadowsocks server · autoban.py enabled for command execution