CVE-2022-1292

This PoC demonstrates a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters in filenames. An attacker can execute arbitrary commands by crafting a malicious filename in the /etc/ssl/certs/ directory, which is processed by the script.

This PoC exploits CVE-2022-1292, a command injection vulnerability in the c_rehash script. It includes functionality to check for vulnerability, execute arbitrary commands, and establish a reverse shell via crafted certificate filenames.

This repository provides a proof-of-concept for CVE-2022-1292, a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters in filenames. The PoC demonstrates how an attacker can execute arbitrary commands by crafting a malicious filename in the /etc/ssl/certs/ directory.

This PoC demonstrates a command injection vulnerability in the c_rehash script due to improper sanitization of shell metacharacters. It creates a maliciously named certificate file to trigger arbitrary command execution when the script processes it.

This repository contains a simple bash script to check for the presence of CVE-2022-1292, a vulnerability in OpenSSL's c_rehash script. The script verifies if the system is vulnerable by checking for a specific command pattern in the c_rehash script.

This repository provides a detailed technical analysis of CVE-2022-1292, focusing on the CVSS scoring and attack vector. It argues that the attack vector should be 'Local' rather than 'Network' and outlines realistic exploitation scenarios.