raghavd3v / crlfsuite Goto Github PK

I've installed CRLFsuite under Kali latest version with all updates.

$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install

When I tried to run for the very first time got the error below.

$ crlfsuite -h
Traceback (most recent call last):
  File "/usr/local/bin/crlfsuite", line 33, in <module>
    sys.exit(load_entry_point('CRLFsuite==2.1.1', 'console_scripts', 'crlfsuite')())
  File "/usr/local/bin/crlfsuite", line 25, in importlib_load_entry_point
    return next(matches).load()
StopIteration

Traceback (most recent call last):
File "/usr/local/bin/crlfsuite", line 33, in
sys.exit(load_entry_point('CRLFsuite==2.0', 'console_scripts', 'crlfsuite')())
File "/usr/local/bin/crlfsuite", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.10/importlib/metadata/init.py", line 171, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.10/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1050, in _gcd_import
File "", line 1027, in _find_and_load
File "", line 1006, in _find_and_load_unlocked
File "", line 688, in _load_unlocked
File "", line 883, in exec_module
File "", line 241, in _call_with_frames_removed
File "/usr/local/lib/python3.10/dist-packages/CRLFsuite-2.0-py3.10.egg/crlfsuite/main.py", line 4, in
from crlfsuite.core.cli import url, threads, verbose, urls, silent, method, std, cookies, data, user_agent, timeout, verify, read_urls, output_file, s_payloads
ImportError: cannot import name 'verbose' from 'crlfsuite.core.cli' (/usr/local/lib/python3.10/dist-packages/CRLFsuite-2.0-py3.10.egg/crlfsuite/core/cli.py)

Traceback (most recent call last):
File "/usr/bin/crlfsuite", line 33, in
sys.exit(load_entry_point('CRLFsuite==2.0', 'console_scripts', 'crlfsuite')())
File "/usr/bin/crlfsuite", line 22, in importlib_load_entry_point
for entry_point in distribution(dist_name).entry_points
File "/usr/lib/python3.9/importlib/metadata.py", line 542, in distribution
return Distribution.from_name(distribution_name)
File "/usr/lib/python3.9/importlib/metadata.py", line 196, in from_name
raise PackageNotFoundError(name)
importlib.metadata.PackageNotFoundError: CRLFsuite

Please see the readme of this project: https://github.com/ItsIgnacioPortal/Improper-Quotes-Monitor

TL;DR: CRLFsuite is vulnerable to privilege escalation because it tries to access a file without quotation marks. More specifically, when I run crlfsuite --help, python tries to run:

C:\Program Files\Python39\python.exe C:\Program Files\Python39\Scripts\crlfsuite-script.py --help

but because the path was not quoted properly, it actually runs:

C:\Program.exe Files\Python39\python.exe C:\Program Files\Python39\Scripts\crlfsuite-script.py --help

This vulnerability isn't super serious because crlfsuite doesn't need to be ran as Administrator at any point, and no "default" Windows configuration makes this exploitable. Old Windows versions (such as Windows 8.1) are still vulnerable though.

Is there any way to use both method GET/POST at same time?