Author Topic: BatBadBut, command injection on Windows  (Read 525 times)


madires (Topic starter)
BatBadBut, command injection on Windows
« on: April 10, 2024, 01:39:58 pm »
BatBadBut: You can't securely execute commands on Windows: https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

Quote
The BatBadBut is a vulnerability that allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
 

ejeffrey
Re: BatBadBut, command injection on Windows
« Reply #1 on: April 18, 2024, 03:27:18 am »
This requires that you pass raw user input on the command line to CreateProcess and the executable resolved to a batch file. That should be relatively rare. Still, it's annoying the way command line expansion works in Windows. You have to know whether the target of CreateProcess is a binary or script to decide whether you should escape the arguments or not. Running scripts like this on Unix systems is also a potential source of problems, but at least execve works relatively predictably.
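One way to make the "binary or script" decision from the reply above explicit before spawning, as an added example that is not part of the thread or of the linked research: the `vet_spawn` helper, the `SpawnRejected` exception, the metacharacter list, and the policy of rejecting rather than escaping are all assumptions of this sketch.

```python
import ntpath

# Characters cmd.exe may interpret in a batch file's command line.
# Conservative list chosen for this example, not taken from the thread.
CMD_META = frozenset('&|<>^%"()!\r\n')
BATCH_EXTS = {".bat", ".cmd"}


class SpawnRejected(ValueError):
    """Raised when a spawn request must not reach CreateProcess."""


def vet_spawn(target, untrusted_args):
    """Classify the target and vet arguments before spawning.

    Returns "binary" or "batch" when the call may proceed.
    """
    # Win32 drops trailing dots and spaces, so "build.bat." is "build.bat".
    name = target.rstrip(". ")
    ext = ntpath.splitext(name)[1].lower()
    if not ext:
        # Assumption: without an extension we cannot tell what the runtime
        # will resolve the name to, so refuse instead of guessing.
        raise SpawnRejected("target has no extension: %r" % target)
    if ext not in BATCH_EXTS:
        return "binary"
    for arg in untrusted_args:
        bad = CMD_META.intersection(arg)
        if bad:
            raise SpawnRejected(
                "argument %r has cmd.exe metacharacters %s for batch target"
                % (arg, sorted(bad)))
    return "batch"


if __name__ == "__main__":
    # Constructed sample calls; paths and arguments are made up.
    samples = [
        (r"C:\tools\convert.exe", ["in&out.txt"]),
        (r"C:\tools\build.BAT", ["release"]),
        (r"C:\tools\build.cmd", ["rel&ease"]),
        ("build", ["release"]),
    ]
    for target, args in samples:
        try:
            print(target, args, "->", vet_spawn(target, args))
        except SpawnRejected as exc:
            print(target, args, "-> rejected:", exc)
```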