From 91ae50eb27ffc2573986daa199d96fa021009be3 Mon Sep 17 00:00:00 2001 From: space-r7 Date: Thu, 9 Sep 2021 17:28:05 -0500 Subject: [PATCH] escapeshellcmd -> escapeshellarg --- .../exploit/linux/http/elfinder_archive_cmd_injection.md | 2 +- modules/exploits/linux/http/elfinder_archive_cmd_injection.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/modules/exploit/linux/http/elfinder_archive_cmd_injection.md b/documentation/modules/exploit/linux/http/elfinder_archive_cmd_injection.md index c340b95c0c..a38a6af1a8 100644 --- a/documentation/modules/exploit/linux/http/elfinder_archive_cmd_injection.md +++ b/documentation/modules/exploit/linux/http/elfinder_archive_cmd_injection.md @@ -4,7 +4,7 @@ elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the `name` parameter is sanitized -with the `escapeshellcmd()` php function and then passed to the +with the `escapeshellarg()` php function and then passed to the `zip` utility. Despite the sanitization, supplying the `-TmTT` argument as part of the `name` parameter is still permitted and enables the execution of arbitrary commands as the `www-data` user. diff --git a/modules/exploits/linux/http/elfinder_archive_cmd_injection.rb b/modules/exploits/linux/http/elfinder_archive_cmd_injection.rb index 69d13bd557..d0cf16490a 100644 --- a/modules/exploits/linux/http/elfinder_archive_cmd_injection.rb +++ b/modules/exploits/linux/http/elfinder_archive_cmd_injection.rb @@ -21,7 +21,7 @@ class MetasploitModule < Msf::Exploit::Remote vulnerability via its archive functionality. When creating a new zip archive, the `name` parameter is sanitized - with the `escapeshellcmd()` php function and then passed to the + with the `escapeshellarg()` php function and then passed to the `zip` utility. Despite the sanitization, supplying the `-TmTT` argument as part of the `name` parameter is still permitted and enables the execution of arbitrary commands as the `www-data` user.