Multiple commands injection into cmd/cmdj while implementing automation scripts #77
Comments
Hi @radare,
yeah may be good to document the behaviour of newlines and semicolons
… On 23 Oct 2018, at 22:58, a1ext ***@***.***> wrote:
Hi @radare <https://github.com/radare>,
Is it safe for users to keep this behavior? Is it documented that cmd/cmdj can run many commands at once?
Environment
Story
While working on a new sample, I was writing a script for decoding embedded strings. It gets some pointers, reads the encrypted string, deciphers the string and adds a comment at the place where the string is. The script looked like the following:
While running this script I got an assertion failure:
That was strange, because a stack trace showed that this code is inside reading from the console:
Digging deeper into this, I realized that some of the comments which were passed to the CCa command had \n inside. So, that means a comment string was split by radare at \n and interpreted as a separate command. The following code confirmed my thoughts:
The string after \n is lol and was interpreted by radare2 as the list files and directories command.
This means that if a user automatically decrypts some string and wants to store it as a comment, he can occasionally run some valid radare2 command and pwn himself. For example, he can write some shellcode and execute it or spawn some shell command.
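One way a script can keep a decoded string from being split into extra commands, given here as an added example that is not part of the original issue or of r2pipe. The helper names, the character allowlist, the `_xNN_` escape form, the CCa argument order and the sample string are assumptions of this example, and `split_like_issue` is a simplified model of the newline and semicolon behaviour discussed above, not radare2's parser.

```python
import re

# Conservative allowlist for text placed inside a command line (an assumption
# of this example). Everything else, including newlines, semicolons and the
# underscore used by the escape form, is escaped rather than enumerated.
_ALLOWED = re.compile(r"[A-Za-z0-9 .,-]")


def encode_arg(text):
    """Write every non-allowlisted character as _xNN_, one group per UTF-8 byte."""
    out = []
    for ch in text:
        if _ALLOWED.fullmatch(ch):
            out.append(ch)
        else:
            out.extend("_x%02x_" % b for b in ch.encode("utf-8"))
    return "".join(out)


def comment_cmd(text, addr):
    """Build one CCa command line (assumed order: address, then comment text)."""
    # The address is formatted from an int so it can never carry command text.
    if isinstance(addr, bool) or not isinstance(addr, int) or addr < 0:
        raise ValueError("address must be a non-negative integer")
    return "CCa 0x%x %s" % (addr, encode_arg(text))


def split_like_issue(line):
    """Simplified model of the reported behaviour: newline and ';' start a new command."""
    return [part.strip() for part in re.split(r"[\n;]", line) if part.strip()]


if __name__ == "__main__":
    # Constructed sample: a "decrypted" string that happens to contain a newline.
    decoded = "key=abc\nlol"
    naive = "CCa 0x%x %s" % (0x401000, decoded)
    safe = comment_cmd(decoded, 0x401000)
    print("naive ->", split_like_issue(naive))  # two commands reach the parser
    print("safe  ->", split_like_issue(safe))   # one command, payload kept as data
```

The escape form is reversible, so the original bytes of the decoded string can be recovered from the stored comment when reading it back.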