Dalfox/V2 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/dalfox/v2/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 12 May 2026 15:11:08 +0000Dalfox Server Mode Unauthenticated Arbitrary File Readhttps://feed.craftedsignal.io/briefs/2026-05-dalfox-file-read/Tue, 12 May 2026 15:11:08 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-dalfox-file-read/Dalfox server mode is vulnerable to an unauthenticated arbitrary file read with out-of-band exfiltration via the `custom-payload-file` parameter, allowing attackers to read sensitive files on the host.Dalfox, when run in REST API server mode, is vulnerable to an unauthenticated arbitrary file read. The custom-payload-file field in model.Options is deserialized from the request body and used to read files. An attacker can exploit this by sending a POST request to the /scan endpoint with a custom-payload-file parameter pointing to a file on the server. Dalfox then reads the file line by line and includes each line as a payload in outbound HTTP requests directed at an attacker-controlled target URL. This vulnerability exists because the server, by default, does not require an API key. This allows an unauthenticated network attacker to exfiltrate the contents of arbitrary files readable by the dalfox process. The affected version is dalfox/v2 <= 2.12.0.

Attack Chain

  1. Attacker sends a POST request to the /scan endpoint of the Dalfox REST API server (typically running on 0.0.0.0:6664).
  2. The request includes a JSON body with the url, options, custom-payload-file, skip-discovery, and param fields set.
  3. The custom-payload-file field contains the path to the file the attacker wants to read (e.g., /etc/hostname).
  4. The skip-discovery option is set to true, and param is set to ["q"] to bypass checks.
  5. Dalfox reads the specified file line by line using voltFile.ReadLinesOrLiteral.
  6. Each line of the file is embedded as the value of the q query parameter in a GET request to the attacker-controlled URL.
  7. Dalfox sends the HTTP GET request to the attacker’s server, exfiltrating one line of the file.
  8. The attacker receives the file content via the query parameter of the HTTP GET request.

Impact

Successful exploitation allows an attacker to read arbitrary files on the Dalfox host that the Dalfox process has access to. This includes sensitive data like SSH private keys, TLS certificates, .env files containing credentials, cloud credential files, and system configuration files. If combined with other vulnerabilities, such as the found-action RCE, the attacker could potentially gain full control of the server.

Recommendation

  • Implement the preferred remediation: Apply a denylist of fields that should never be accepted from the REST API, as suggested in the source, to prevent attackers from abusing CustomPayloadFile and other sensitive parameters.
  • Require the --api-key flag at server startup, as suggested in the source, to mandate authentication for all API requests.
  • Deploy the Sigma rule Detect Dalfox Unauthenticated File Read via API to detect attempts to exploit this vulnerability by monitoring HTTP POST requests to the /scan endpoint with a custom-payload-file parameter.
]]>highadvisoryunauthenticated-accessfile-readghsa