Command Injection Vulnerability
proteansec opened this issue · 0 comments
proteansec commented
Hi,
The wifresti.py contains a command injection vulnerability when calling the os.system command. Take a look at the following output, where the Linux platform was chosen, after which the "test; ls /" string was inputted. The "ls /" is its own command, which is executed on the system, as you can see the present directories in the root directory / right under the inputted string.
Please choose your operating system.
1) linux
2) Windows
3) Mac OS
> 1
All wireless networks :
ls: cannot access /etc/NetworkManager/system-connections/: No such file or directory
Insert the network name , or press (a) to see information about all networks.
> test; ls /
###################################### - test; ls / - ######################################
bin boot dev etc home lib media mnt opt proc root run sbin sys tmp usr var
#############################################################################################
All wireless networks :
ls: cannot access /etc/NetworkManager/system-connections/: No such file or directory
Insert the network name , or press (a) to see information about all networks.
>
Please fix the vulnerability by using subprocess to call external programs by properly escaping user input and not os.system.
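The fix the issue asks for, shown as an added example that is not code from the wifresti project. The script's actual os.system call is not shown in the issue, so the `cat <profile>` command, the function names, and the join of the profile-directory path with the network name are assumptions; the directory itself comes from the error line in the output above. The vulnerable shell string is only built here, never executed, so the two behaviours can be compared side by side.

```python
import os
import shlex
import subprocess
import tempfile

# Directory the script reads connection profiles from (taken from the issue's output).
CONNECTIONS_DIR = "/etc/NetworkManager/system-connections/"


def vulnerable_command(network_name, base_dir=CONNECTIONS_DIR):
    """Return the shell string the os.system() pattern would run (assumed shape).

    Built only, never executed: with "test; ls /" the shell sees two commands,
    "cat .../test" and "ls /", which is exactly the behaviour in the issue.
    """
    return "cat " + base_dir + network_name


def is_safe_network_name(network_name):
    """Reject names that would escape the profile directory (path traversal).

    Shell metacharacters such as ";" are harmless once no shell is involved,
    so only the path components need checking.
    """
    return (
        bool(network_name)
        and os.path.basename(network_name) == network_name
        and network_name not in (".", "..")
    )


def read_network_profile(network_name, base_dir=CONNECTIONS_DIR):
    """Hardened replacement: validated name, argv list, no shell.

    Returns (returncode, stdout, stderr) of the child process.
    """
    if not is_safe_network_name(network_name):
        raise ValueError("invalid network name: %r" % network_name)
    path = os.path.join(base_dir, network_name)
    result = subprocess.run(
        # Each list element is one argv entry; "; ls /" is just part of the filename.
        ["cat", path],
        capture_output=True,
        text=True,
        check=False,
    )
    return result.returncode, result.stdout, result.stderr


def quoted_for_shell(network_name, base_dir=CONNECTIONS_DIR):
    """If a shell really is required, shlex.quote() makes the input one literal word."""
    return "cat " + shlex.quote(base_dir + network_name)


def make_sample_profile_dir():
    """Create a constructed profile directory with one fake connection file for demos."""
    directory = tempfile.mkdtemp()
    with open(os.path.join(directory, "home-wifi"), "w") as handle:
        handle.write("psk=constructed-sample\n")
    return directory


if __name__ == "__main__":
    print("vulnerable string:", vulnerable_command("test; ls /"))
    print("quoted string:   ", quoted_for_shell("test; ls /"))
    sample_dir = make_sample_profile_dir()
    print("legit name:      ", read_network_profile("home-wifi", base_dir=sample_dir))
    print("injected name:   ", read_network_profile("test; echo pwned", base_dir=sample_dir))
```

With the list form, the injected string is handed to `cat` as a single filename, so the child simply reports that no such file exists; nothing is interpreted by a shell. The `is_safe_network_name` check covers the separate problem that the same input also controls a path.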