CVE-2019-14745 PoC — radare2 命令注入漏洞

Source

https://github.com/xooxo/CVE-2019-14745

Associated Vulnerability

Title:radare2 命令注入漏洞 (CVE-2019-14745)
Description:radare2是一套用于处理二进制文件的库和工具。 radare2 3.7.0之前版本中的libr/core/cbin.c文件的‘bin_symbols()’函数存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Description

weaponized radare2 vulnerability found by @CaptnBanana and blenk92

Readme

# CVE-2019-14745
weaponized radare2 vulnerability (CVE-2019-14745 assigned) found by @CaptnBanana and blenk92

For details about vulnerability, read https://bananamafia.dev/post/r2-pwndebian/

# Usage
First of all, you need Python bindings of LIEF (https://lief.quarkslab.com/)
Then, run script as:

`python nukeradare2.py <binary_name> <one of the symbols of that binary> <shell command>`

This will create a binary with nuked_ as prefix. Run it with:

`radare2 -c "ood" <nuked_binary>`

or give "ood" as a command in radare2. Note that radare2 will run your command twice.

File Snapshot


 [4.0K]  /data/pocs/d5808fcaa551038bd27c27420bfbd16d061d8f75
├── [1.0K]  LICENSE
├── [ 459]  nukeradare2.py
└── [ 575]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!