Add XmlEncode in NewImmediateTask function

FSecureLABS / SharpGPOAbuse

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO.

1.03k stars 135 forks source link

Add XmlEncode in NewImmediateTask function #9

Open Dliv3 opened 4 years ago

Dliv3 commented 4 years ago

There is a bug in NewImmediateTask function

If the user set Command and Arguments as shown below, the character > will cause the ScheduledTasks.xml to not be parsed correctly

--Command "cmd.exe" --Arguments "/c echo 1234 > %tmp%\1111.txt"

This PR fixed this bug.