An independent reviewer has shown that the conf lines that deal with SanitisedFileFirstLine and KeyListFirstLine can both be used to execute arbitrary code.
This is probably occurring due to some part of Strippy either invoking or executing the string to pull out its 'final form'. This had been the MO for those configuration lines in previous versions of Strippy before I moved away from that design specifically to avoid this type of problem.
It appears I haven't scrubbed this behaviour from the code completely as the following conf line demonstrates a code execution vulnerability:
')";calc.exe;"This keylist was created at {0}.'
Probable Fix:
line 367:
$out = Invoke-Expression "$($str -f $(get-date).ToString())"
Fix will be to do a manual replacement for /{\d}/ rather than using invoke-expression
This should be addressed post-haste
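One way to do the manual `{N}` replacement proposed in the issue without `Invoke-Expression`, as an added example (not Strippy's own code; the function name `Expand-ConfPlaceholder` and its parameters are hypothetical). The conf line from the report is used as input to show that it stays plain text:

```powershell
# Added example: hypothetical helper, not part of Strippy.
function Expand-ConfPlaceholder {
    param(
        [Parameter(Mandatory)][string]   $Template,
        [Parameter(Mandatory)][string[]] $Values
    )
    # Single pass over the template: each {N} token is swapped for the
    # matching value as text. The template is only ever treated as data,
    # so quotes, semicolons and command names in it are never parsed as
    # PowerShell. Substituted values are not rescanned for placeholders.
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator] {
        param($match)
        $index = [int]$match.Groups[1].Value
        if ($index -lt $Values.Count) { $Values[$index] }
        else { $match.Value }   # unknown placeholder: leave it untouched
    }
    [regex]::Replace($Template, '\{(\d)\}', $evaluator)
}

# Conf line quoted in the issue, held in a literal here-string.
$confLine = @'
')";calc.exe;"This keylist was created at {0}.'
'@

$stamp = (Get-Date).ToString()
$out   = Expand-ConfPlaceholder -Template $confLine -Values $stamp

# The result is the same string with only {0} changed; no process is started.
$out -eq $confLine.Replace('{0}', $stamp)
```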