mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-22 19:55:40 +00:00
1.2 KiB
1.2 KiB
CVE-2011-10007
&color=brightgreen)
Description
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename.A file handle is opened with the 2 argument form of open() allowing an attacker controlled filename to provide the MODE parameter to open(), turning the filename into a command to be executed.Example:$ mkdir /tmp/poc; echo > "/tmp/poc/|id"$ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'uid=1000(user) gid=1000(user) groups=1000(user),100(users)
POC
Reference
- http://www.openwall.com/lists/oss-security/2025/06/05/4
- https://github.com/richardc/perl-file-find-rule/pull/4