Remote code execution

Question

Remote code execution

kravietz opened this issue 5 years ago · comments

This code allows remote code execution as virtually no validation is applied to the hostname supplied.

gip = os.popen("dig @8.8.8.8 +short {0} | tail -1".format(

You can pass xxx; touch /tmp/poc and the touch command will be executed. I realize the library is intended for writing local tests but I can easily imagine someone using it to implement a web service for testing 3rd party domains and it would be catastrophic in such scenario. I guess a big fat warning would be sufficient...

Paweł Krawczyk · Answer 1 · Fri Apr 26 2019 21:17:38 GMT+0800 (China Standard Time)

Same applies to this SSL code

Raymond Penners · Answer 2 · Sun May 26 2019 04:23:39 GMT+0800 (China Standard Time)

The SSL code might be replaced with something like this: https://github.com/Ecno92/cert-info (though I must admit I did not do proper research here...)

Paweł Krawczyk · Answer 3 · Sun Jun 02 2019 14:44:29 GMT+0800 (China Standard Time)

@pennersr This can be easily fixed using built-in Python functions in case of SSL, see my fork here https://github.com/kravietz/netwell-ng/blob/master/netwell/checkers.py#L212 and I have also reimplemented ther DNS part using dnspython library https://github.com/kravietz/netwell-ng/blob/master/netwell/checkers.py#L278

Raymond Penners · Answer 4 · Mon Jun 03 2019 13:49:17 GMT+0800 (China Standard Time)

Great, can you send over a pull request?