Multiple Remote Code Executioin #1842
Comments
nick2wang
pushed a commit
to nick2wang/Archery
that referenced
this issue
Nov 8, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
重现步骤
https://github.com/hhyo/Archery/blob/v1.8.5/sql/plugins/my2sql.py#L36
Plugin my2sql has a problem with the filtering method of start_time and stop_time parameters, which leads to injection system command execution, resulting in a remote command execution vulnerability.
https://github.com/hhyo/Archery/blob/v1.8.5/sql/plugins/binglog2sql.py#L43
Plugin binlog2sql has problems in the filtering method of start_file, end_file, start_time, stop_time parameters, which leads to injection system command execution, resulting in remote command execution vulnerability.
https://github.com/hhyo/Archery/blob/v1.8.5/sql/archiver.py#L283
https://github.com/hhyo/Archery/blob/v1.8.5/sql/plugins/pt_archiver.py#L41
Plugin archiver do not filter
whereparameter, which leads to the execution of injectable system commands, resulting in a remote command execution vulnerability. Users in the DBA role can create malicious workflow and execute the workflow.预期外的结果
Improper use of shlex.quote can cause quote bypassing with one more quote, and cause remote command execution.
日志文本
No response
版本
v1.8.5
部署方式
Docker
是否还有其他可以辅助定位问题的信息?比如数据库版本等
No response
The text was updated successfully, but these errors were encountered: