Non Default Folder Privilege Escalation

Client-Side Injection via Binary Planting (No Privilege Escalation)

Overview of the Vulnerability

Client-side injection via binary planting is a vulnerability in which untrusted client-side data, in the form of a binary file, is interpreted and executed by the system. An attacker is able to plant a binary file on a local or remote file system, and the application then loads and executes it. As a result, the attacker is able to invoke code remotely on the machine.

Business Impact

This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.

Steps to Reproduce

  1. Use a browser to navigate to: {{URL}}

  2. Notice that {{value}} is loaded by the application when doing {{action}}

  3. Create a binary file using {{software}}

  4. Upload the binary file using {{action}}

  5. {{action}} to see permissions executed by the system

Proof of Concept (PoC)

The screenshot(s) below demonstrate the binary planting:

{{screenshot}}

Recommendation(s)

There is no single technique to protect from binary planting. However, the following best practices should be adhered to:

  - All client-side input data should be validated against the content it can reasonably be expected to contain.

  - When loading libraries or launching executable files, ensure that absolute paths are used. Do not use relative paths.
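
The absolute-path recommendation above, shown as an added example that is not part of the original template. It assumes a POSIX permission model; `check_load_path`, `demo` and the directory tree are hypothetical and constructed for illustration. It goes one step beyond the recommendation by also rejecting an absolute path whose file or folder is writable by other accounts, since such a path can still be planted:

```python
import os
import stat
import tempfile

def check_load_path(path, trusted_roots):
    """Return (ok, detail) for a binary or library the application is about to load."""
    if not os.path.isabs(path):
        return False, "relative path: result depends on the working directory or search order"
    real = os.path.realpath(path)  # collapse symlinks and ".." before comparing
    roots = [os.path.realpath(r) for r in trusted_roots]
    root = next((r for r in roots if os.path.commonpath([real, r]) == r), None)
    if root is None:
        return False, "outside the trusted install directories"
    if not os.path.isfile(real):
        return False, "not a regular file"
    # Check the file and every directory up to the trusted root: write access for
    # group or others at any level lets another local account replace the binary.
    node = real
    while True:
        if os.stat(node).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False, "writable by group/others: " + node
        if node == root:
            return True, real
        node = os.path.dirname(node)

def demo():
    """Build a constructed install tree and run the check against it."""
    root = tempfile.mkdtemp()  # stand-in for an install directory (constructed)
    layout = {"bin": 0o755, "plugins": 0o777}  # "plugins" is deliberately too open
    for name, mode in layout.items():
        d = os.path.join(root, name)
        os.mkdir(d)
        helper = os.path.join(d, "helper")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(helper, 0o755)
        os.chmod(d, mode)
    os.chmod(root, 0o755)
    return {
        "relative": check_load_path("helper", [root]),
        "locked_down": check_load_path(os.path.join(root, "bin", "helper"), [root]),
        "open_folder": check_load_path(os.path.join(root, "plugins", "helper"), [root]),
        "outside": check_load_path("/bin/sh", [root]),
    }

if __name__ == "__main__":
    for case, (ok, detail) in demo().items():
        print(f"{case:12} {'allow' if ok else 'block'}  {detail}")
```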

For more information, please see:
