A few lines below this, you accept unsensitised user input to the buffer using scanf()
which can lead to a buffer overflow
scanf("%s", adb_connect_ip);
If you look down another few lines, after copying the user input to the buffer, you then proceed
to execute the users input using system() without validating it
system(adb_con_before);
I would recommend fixing this, whilst it not being a huge issue due to the fact this project
was clearly just something written for fun & not meant to be used in a real world scenario, it's still
a bad idea to leave vulnerable code inside of your C2
There is a buffer overflow & command injection inside of the
connect
command referenceHere you initialise a buffer:
A few lines below this, you accept unsensitised user input to the buffer using
scanf()
which can lead to a buffer overflowIf you look down another few lines, after copying the user input to the buffer, you then proceed to execute the users input using
system()
without validating itI would recommend fixing this, whilst it not being a huge issue due to the fact this project was clearly just something written for fun & not meant to be used in a real world scenario, it's still a bad idea to leave vulnerable code inside of your C2