Raikia / SMBCrunch

3 tools that work together to simplify reconnaissance of Windows File Shares
GNU General Public License v3.0

Unfiltered Network Share Names Allows Arbitrary Command Execution & Arbitrary File Write #4

Closed 0xchrisb closed 6 years ago

0xchrisb commented 6 years ago

This is related to #3, but this time affects SMBGrab.pl.

Command Execution 1: line 69:

```perl
my @lines = `smbclient -N -A $tempAuthFile '\\\\$server\\$sharename' -c 'get "$file" temp_out.txt' 2> /dev/null`;
```

It is not that trivial to fix the vulnerability in this case as a pre-parsing is done in line 62. I would recommend rewriting the parsing process, or implementing a check that refuses files having `/` in the name.

Command Execution 2: line 94:

```perl
`mv temp_out.txt '$new_file_name'`;
```

Command Execution 3: line 98:

```perl
my @data_lines = `smbclient -N -A $tempAuthFile '\\\\$server\\$sharename' -c 'allinfo "$file"' 2> /dev/null`;
```
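As an added example (not SMBCrunch code and not part of the reporter's comment), here is the shell-interpolated pattern quoted in the report next to a version that execs `smbclient` through Perl's list-form `open` so the share and file names never reach `/bin/sh`, plus the file rename done without `mv`. The variable names, the `smbclient` arguments and the `temp_out.txt` name follow the quoted lines; the `safe_name` filter, the `safe_get`/`safe_rename` functions and the sample values are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added illustration, not SMBCrunch code: the shell-interpolated pattern from
# the report (shown only, never called) next to a list-form version that
# execs smbclient directly so share and file names are never parsed by /bin/sh.
use strict;
use warnings;
use File::Copy qw(move);

# Sample value constructed for this example.
my $tempAuthFile = '/tmp/auth.txt';

# VULNERABLE (as quoted in the report): one string handed to the shell, so a
# share or file name containing $(...), ` or ' runs commands. Not called here.
sub vulnerable_get {
    my ($server, $sharename, $file) = @_;
    my @lines = `smbclient -N -A $tempAuthFile '\\\\$server\\$sharename' -c 'get "$file" temp_out.txt' 2> /dev/null`;
    return @lines;
}

# Defense in depth: refuse names that cannot be a single share/file component.
# Path separators and NUL are rejected (the reporter's "/" check, plus "\");
# a double quote is rejected because $file sits inside smbclient's own -c
# string, which the shell no longer parses but smbclient still does.
sub safe_name {
    my ($name) = @_;
    return 0 unless defined $name && length $name;
    return 0 if $name =~ m{[/\\\x00"]};
    return 0 if $name =~ /[^\x20-\x7e]/;     # control or non-printable bytes
    return 1;
}

# HARDENED: list-form open('-|') execs smbclient with each value as its own
# argv entry; shell metacharacters in the names have no effect. (stderr is
# not silenced here; use IPC::Open3 if the 2>/dev/null behaviour is needed.)
sub safe_get {
    my ($server, $sharename, $file) = @_;
    die "refusing share name\n" unless safe_name($sharename);
    die "refusing file name\n"  unless safe_name($file);
    my @cmd = ('smbclient', '-N', '-A', $tempAuthFile,
               "\\\\$server\\$sharename",          # argv gets \\server\share
               '-c', qq{get "$file" temp_out.txt});
    open(my $fh, '-|', @cmd) or die "cannot run smbclient: $!\n";
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Line 94 of the report (`mv temp_out.txt '$new_file_name'`) needs no shell at
# all: File::Copy::move takes the destination as a plain string.
sub safe_rename {
    my ($new_file_name) = @_;
    die "refusing output name\n" unless safe_name($new_file_name);
    move('temp_out.txt', $new_file_name) or die "move failed: $!\n";
    return 1;
}

# Show the filter's decisions without contacting any server. Note that
# 'share$(id)' is accepted: once nothing is parsed by a shell, it is merely an
# odd share name, which is the point of the list-form exec.
for my $candidate ('Public', 'share$(id)', "it's", 'dir/evil', 'x"y') {
    printf "%-12s %s\n", $candidate, safe_name($candidate) ? 'accepted' : 'refused';
}
```

The name filter alone is not the fix: it narrows what an enumerated share or file name may contain, but the property that removes the injection is that `open(..., '-|', @cmd)` with a multi-element list (like list-form `system`) never invokes a shell, so a name is only ever one argv entry.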

Raikia commented 6 years ago

Fixed. Thanks for the report.