Submission #86683: EasyNAS 1.1.0 - Authenticated OS Command Injection (information)

Title: EasyNAS 1.1.0 - Authenticated OS Command Injection

Description:
The vulnerability is present in the backup and restore script, which is used to create and restore backups of the EasyNAS system. The vulnerability lies in the use of the system function to execute a command with user-supplied input. The following is the vulnerable script code "/backup.pl" on line 20:

    $rc=system("/usr/bin/sudo /usr/bin/tar cvf $mount_dir/$vol/$file @config_files > /dev/null" );

As seen in the code above, the script is using the system function to execute the command:

    /usr/bin/sudo /usr/bin/tar cvf $mount_dir/$vol/$file @config_files > /dev/null

This command creates a backup of certain system files and stores it in the $mount_dir/$vol directory. The problem is that the $file variable and the $vol variable are being passed in as user-supplied input, without proper validation or sanitization. An attacker can craft a malicious GET request to the WebUI of the EasyNAS system, injecting a malicious command into the "name" and "vol" parameters of the GET request.

https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690
User: xbz0n (UID 40658)
Submitted: 09/02/2023 15:07 (3 years ago)
Moderated: 14/02/2023 17:13 (5 days later)
Status: accepted
VulDB entry: 220950 [EasyNAS 1.1.0 /backup.pl system privilege escalation]
Points: 17
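As an added illustration (not EasyNAS code and not part of the submission above), the defect described is the string form of Perl's system(), which hands the whole command line to /bin/sh, so any shell metacharacter in the vol or name parameter becomes shell syntax. The hardened version below validates both values against a strict allowlist of path-component characters and then calls system() in list form, which passes the arguments straight to execve() with no shell in between. The $mount_dir value, the @config_files contents and the function names are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example (not EasyNAS code): validating user-controlled backup
# parameters and invoking tar without a shell.
use strict;
use warnings;

# Assumed values for illustration only.
my $mount_dir    = '/mnt/backup';
my @config_files = ('/etc/hostname', '/etc/fstab');

# Accept a single plain path component: letters, digits, '_', '.', '-'.
# The first character may not be '.' or '-', which rules out '.', '..'
# (directory traversal) and names that tar would read as options.
sub safe_component {
    my ($value) = @_;
    return 0 unless defined $value;
    return 0 unless $value =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return 1;
}

# Vulnerable shape from the submission, shown only for contrast.
# NEVER call this with untrusted input: the string goes through /bin/sh.
sub run_backup_unsafe {
    my ($vol, $file) = @_;
    return system("/usr/bin/sudo /usr/bin/tar cvf $mount_dir/$vol/$file @config_files > /dev/null");
}

# Hardened replacement: reject anything outside the allowlist, then use
# list-form system(). With a list, Perl calls execve() directly, so the
# characters in $vol and $file are data, never shell syntax. The 'v'
# flag is dropped because there is no shell to redirect the listing.
sub run_backup {
    my ($vol, $file) = @_;
    die "invalid vol parameter\n"  unless safe_component($vol);
    die "invalid name parameter\n" unless safe_component($file);
    my @cmd = ('/usr/bin/sudo', '/usr/bin/tar', 'cf',
               "$mount_dir/$vol/$file", @config_files);
    my $rc = system(@cmd);
    die "tar failed (status $?)\n" if $rc != 0;
    return 1;
}

# Demonstration of the validator on constructed inputs; tar is not run here.
for my $input (['data', 'backup.tar'], ['data', 'bad;name'], ['../etc', 'a']) {
    my $ok = safe_component($input->[0]) && safe_component($input->[1]);
    printf "%-20s -> %s\n", join('/', @$input), $ok ? 'accepted' : 'rejected';
}
```

Running the script under taint mode (perl -T) adds a second layer: Perl then refuses to pass CGI-derived values to system() at all until they have been extracted through a regex capture, which forces exactly the allowlist check shown in safe_component.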
