[local] sleuthkit 4.11.1 - Command Injection
source link: https://www.exploit-db.com/exploits/51225
Exploit:
# Exploit Title: sleuthkit 4.11.1 - Command Injection
# Date: 2023-01-20
# CVE-2022-45639
# Vendor Homepage: https://github.com/sleuthkit
# Vulnerability Type: Command injection
# Attack Type: Local
# Version: 4.11.1
# Exploit Author: Dino Barlattani, Giuseppe Granato
# Link poc: https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
# POC:
The fls tool is affected by command injection in the "-m" parameter when run
on a Linux system.
An OS command injection vulnerability in the sleuthkit fls tool 4.11.1 allows
attackers to execute arbitrary commands via a crafted value to the m parameter.
When it runs on Linux, a user can insert into the -m parameter a buffer
containing backticks with a shell command.
If it is run with a web application as a front end, it can execute commands on
the remote server.
The function affected by the vulnerability is "tsk_fs_fls()" in the
"fls_lib.c" file:
#ifdef TSK_WIN32
    {
        ....
    }
#else
    data.macpre = tpre;    /* <--- line flagged by the advisory */
    return tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);
#endif
Run command:
$ fls -m `id` [Options]
--
*Dino Barlattani*
www.linkedin.com/in/dino-barlattani-10bba11a9/
www.binaryworld.it <http://Binaryworld.it>
www.youtube.com/user/dinbar78
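For the web front end case described above, here is one way a caller can pass the -m value to fls as a single argv element, so that no shell ever parses it, with an allowlist check on the value first. This is an added example, not code from the advisory or from sleuthkit. The function names, the allowed-character pattern and the sample values are assumptions, and a Python child process stands in for fls so the comparison runs without the tool installed.

```python
import re
import subprocess
import sys

# Assumption: a mactime mount-point prefix only needs path-like characters.
SAFE_PREFIX = re.compile(r"/?[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*/?")


def build_fls_argv(mount_prefix, image_path):
    """Return an argv list for `fls -r -m <prefix> <image>`, or raise ValueError."""
    if not SAFE_PREFIX.fullmatch(mount_prefix):
        raise ValueError(f"rejected -m value: {mount_prefix!r}")
    if image_path.startswith("-"):
        raise ValueError("image path must not look like an option")
    # A list is handed to the child process unchanged; no shell parses it.
    return ["fls", "-r", "-m", mount_prefix, image_path]


def argv_roundtrip(value):
    """Pass value as one argv element (no shell) and return what the child
    process received. The child is a stand-in for fls."""
    child = [sys.executable, "-c",
             "import sys; sys.stdout.write(sys.argv[1])", value]
    return subprocess.run(child, capture_output=True, text=True,
                          check=True).stdout


def shell_roundtrip(value):
    """The pattern to avoid: the same value pasted into a shell command string."""
    return subprocess.run("printf %s " + value, shell=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    crafted = "`echo INJECTED`"  # constructed sample input
    print(build_fls_argv("/mnt/evidence", "disk.img"))
    print(repr(argv_roundtrip(crafted)))   # backticks arrive as literal text
    print(repr(shell_roundtrip(crafted)))  # the shell substituted them first
    try:
        build_fls_argv(crafted, "disk.img")
    except ValueError as exc:
        print(exc)
```
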