Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OS Command Injection in sandcat plugin #462

Closed
1c3z opened this issue Sep 2, 2019 · 2 comments
Closed

OS Command Injection in sandcat plugin #462

1c3z opened this issue Sep 2, 2019 · 2 comments
Labels

Comments

@1c3z
Copy link

1c3z commented Sep 2, 2019

login the caldera

open the url
http://127.0.0.1:8888/plugin/sandcat/gui

Enter a url, click clone button

`touch /tmp/pwn`

image

image

@khyberspache
Copy link
Contributor

Good catch. That makes sense considering how we clone the site... appears to truncate the wget command to allow arbitrary shell command execution. If you have a PR to fix this, feel free to submit.

@privateducky
Copy link
Contributor

This appears fixed - closing (thanks @ajunlee)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants