This repository has been archived by the owner on Apr 13, 2023. It is now read-only.

Security Issue: Arbitrary shell command execution #25

Open
BlueCocoa opened this issue Dec 25, 2016 · 1 comment

Comments

@BlueCocoa
Contributor

Affected: Versions with you-get enabled

Reproducible: YES

POC

Steps:

  1. Enable you-get feature
  2. Add new task
  3. Type [ANY URL] & [ANY SHELL COMMAND]

For example, http://www.bilibili.com/video/av7265606/ & touch ~/vulnerable will create a file named vulnerable in the user's home directory.

Related code

In YouGet.swift:

private func sh(command: String) -> String?

The function sh takes an arbitrary string and passes it as the second argument to /bin/sh -c.

Solution

Maybe the best way is to add slashes or escapes for any user input.

@BlueCocoa
Contributor Author

It seems the file permissions are a bit of a pain; you can fix it by referring to this commit 😂
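An added example, not code from this repository: one way to rework the `sh(command:)` pattern described in the issue so that the task URL never passes through `/bin/sh -c`. The names `validatedURL`, `run` and `fetchInfo` are hypothetical, and `/bin/echo` stands in for the you-get binary so the sketch runs without it installed.

```swift
import Foundation

enum FetchError: Error { case invalidURL }

// Defence in depth: accept only absolute http(s) URLs with a host and no
// embedded whitespace. The real fix is in run(), which never invokes a shell.
func validatedURL(_ input: String) -> URL? {
    let trimmed = input.trimmingCharacters(in: .whitespacesAndNewlines)
    guard trimmed.rangeOfCharacter(from: .whitespacesAndNewlines) == nil,
          let url = URL(string: trimmed),
          let scheme = url.scheme?.lowercased(),
          scheme == "http" || scheme == "https",
          let host = url.host, !host.isEmpty
    else { return nil }
    return url
}

// Launch the executable directly with an argument vector. Each array element
// becomes exactly one argv entry, so "&", ";" or "$(...)" are plain bytes.
func run(_ executable: String, _ arguments: [String]) throws -> String? {
    let process = Process()
    process.executableURL = URL(fileURLWithPath: executable)
    process.arguments = arguments
    let pipe = Pipe()
    process.standardOutput = pipe
    try process.run()
    // Read before waiting so a large output cannot fill the pipe and block.
    let data = pipe.fileHandleForReading.readDataToEndOfFile()
    process.waitUntilExit()
    return String(data: data, encoding: .utf8)
}

// `tool` is the absolute path of the downloader (assumption: resolved by the app).
func fetchInfo(userInput: String, tool: String) throws -> String? {
    guard let url = validatedURL(userInput) else { throw FetchError.invalidURL }
    return try run(tool, [url.absoluteString])
}

// Constructed inputs: a plain URL and the string from the issue's steps.
let samples = ["http://www.bilibili.com/video/av7265606/",
               "http://www.bilibili.com/video/av7265606/ & touch ~/vulnerable"]
for input in samples {
    do {
        let output = try fetchInfo(userInput: input, tool: "/bin/echo") ?? ""
        print("accepted:", output, terminator: "")
    } catch {
        print("rejected or failed to launch:", input)
    }
}
```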
