Author Topic: BatBadBut, command injection on Windows (Read 330 times)

madires · « **on:** April 10, 2024, 01:39:58 pm »

BatBadBut: You can't securely execute commands on Windows: https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

Quote

The BatBadBut is a vulnerability that allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

ejeffrey · « **Reply #1 on:** April 18, 2024, 03:27:18 am »

This requires that you pass raw user input on the command line to CreateProcess and the executable resolved to a batch file. That should be relatively rare. Still it's annoying the way command line expansion works in Windows. You have to know whether the target of CreateProcess is a binary or script to decide whether you should escape the arguments or not. Running scripts like this on Unix systems is also a potential source of problems.but at least execve works relatively predictably.


EEVblog Main Site	EEVblog on Youtube	EEVblog on Twitter	EEVblog on Facebook	EEVblog on Odysee

EEVblog Electronics Community Forum

Author Topic: BatBadBut, command injection on Windows (Read 330 times)

madires

BatBadBut, command injection on Windows

ejeffrey

Re: BatBadBut, command injection on Windows

Share me