Command Injection Vulnerability

Hi there,

As I want to integrate `ropstar` in [OpenCRS](https://github.com/CyberReasoningSystem), I analyzed the code to better understand the implemented exploitation techniques. Despite the program is meant to be used locally, I want to address a security issue that I discovered.

# Description

Command injection is possible while exploiting a statically linked binary with a malicious filename.

# Steps to Reproduce

1. Download the source code of an exploitable binary: `wget https://raw.githubusercontent.com/TechSecCTF/pwn_challs/master/stack/bof/bof.c -o /tmp`.
2. Compile: `gcc -m32 -static -fno-stack-protector /tmp/bof.c -o "/tmp/bin/bof;touch here;"`.
3. Run `ropstar`: `python3 ropstar.py -o 1 -state 1,1,1 "/tmp/bin/bof;touch here;"`.
4. Observe the creation of the `here` file (due to command injection): `ls here`.

# Patch

I already forked the repository and proposed a patch. Please see https://github.com/xct/ropstar/pull/11.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Command Injection Vulnerability #12

Description

Steps to Reproduce

Patch

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Command Injection Vulnerability #12

Description

Description

Steps to Reproduce

Patch

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions