diff --git a/Controller/Controller.cs b/Controller/Controller.cs
index a80aa7c..2c10c64 100644
--- a/Controller/Controller.cs
+++ b/Controller/Controller.cs
@@ -151,10 +151,10 @@ public static object VulnerableCmd(string UserStr, string Token, string Secret)
 /* Effectue une requête DNS pour le FQDN passé en paramètre */
- if (VLAIdentity.VLAIdentity.VulnerableValidateToken(Token, Secret) && Regex.Match(UserStr, @"^(?:[a-zA-Z0-9_\-]+\.)+[a-zA-Z]{2,}(?:.{0,20})$").Success)
+ if (VLAIdentity.VLAIdentity.VulnerableValidateToken(Token, Secret) && Regex.Match(UserStr, @"^(?:[a-zA-Z0-9_\-]+\.)+[a-zA-Z]{2,}(?:.{0,100})$").Success)
 {
 Process Cmd = new Process();
- Cmd.StartInfo.FileName = RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? "cmd" : "/bin/sh";
+ Cmd.StartInfo.FileName = RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? "powershell" : "/bin/sh";
 Cmd.StartInfo.RedirectStandardInput = true;
 Cmd.StartInfo.RedirectStandardOutput = true;
 Cmd.StartInfo.CreateNoWindow = true;
diff --git a/README.md b/README.md
index 073fd95..c9b2b11 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@
 ## 🐞 Vulnerabilities
-| CWE | Description | Difficulty | Estimated Reward in Bug Bounty |
+| CWE | Description | Difficulty | Estimated Bug Bounty Reward |
 |----|---|----|---|
 | CWE-22 | Path Traversal | Medium | 500-5.000$ |
 | CWE-78 | OS Command Injection | Easy | 1.000-10.000$ |
@@ -27,7 +27,7 @@
 | CWE-91 | XML Injection | Hard | 0-500$ |
 | CWE-98 | Remote File Inclusion | Hard | 1.000-10.000$ |
 | CWE-184 | Incomplete List of Disallowed Inputs | Medium | 500-2.000$ |
-| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Hard | 1.000-20.000$ |
+| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Medium | 1.000-20.000$ |
 | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Easy | 500-2.000$ |
 | CWE-284 | Improper Access Control | Medium | 1.000-5.000$ |
 | CWE-287 | Improper Authentication | Medium | 500-5.000$ |
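Review bot: The trailing group `(?:.{0,100})` in the `if` condition of VulnerableCmd accepts any characters after the FQDN, so the regex does not bound what reaches the shell started just below, while the comment above it still describes only a DNS lookup. Given the method name and the CWE-78 row in the README this looks intentional, and I would say so in the code, e.g. `/* Intentionally vulnerable (CWE-78): the trailing .{0,100} is not validated; lab use only */`. For a non-lab variant, end the pattern at the TLD (`[a-zA-Z]{2,}$`) and resolve the name through an API such as `Dns.GetHostEntry(UserStr)` rather than spawning `powershell` or `/bin/sh`. The method body starts and ends outside the hunk, so how UserStr is written to the process is not visible here.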