Am 13.05.2016 um 17:30 schrieb Rio Sherri: > # Title : runAV mod_security Remote Command Execution > # Date : 13/05/2016 > # Author : R-73eN > # Tested on : mod_security with runAV Linux 4.2.0-30-generic #36-Ubuntu SMP > Fri Feb 26 00:57:19 UTC 2016 i686 i686 i686 GNU/Linux > # Software : > http://ift.tt/1skmJtu > # Vendor : http://ift.tt/1oG2O4r > # https://www.infogen.al/ > > sprintf (cmd, "/usr/bin/clamscan --no-summary %s", argv[1]); > The argv[1] parameter is passed unsanitized to a sprintf function > which sends the formatted output to the cmd variable, > which is later passed as a parameter to a run_cmd function on line 14 i don't think so because the temp-files of mod-security to inspect uploads are not controlled by the client and don't contain anything in their names which could be critical
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment