Skip to content

Instantly share code, notes, and snippets.

@spaze

spaze/find-cve-2020-15227.sh

Last active May 20, 2021 16:34
Show Gist options
  • Save spaze/fb6d8cdc296e0314b50f8b484bcd1385 to your computer and use it in GitHub Desktop.
Save spaze/fb6d8cdc296e0314b50f8b484bcd1385 to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2020-15227 nette/application RCE in-place patch
Raw
find-cve-2020-15227.sh
#!/bin/bash
# Find files in CVE-2020-15227 nette/application issue
# by @spazef0rze
# Run with `bash find-cve-2020-15227.sh`, works on Linux, FreeBSD, tested on Ubuntu 18.04, FreeBSD 11.4
# This is a universal finder for all affected versions.
# Requirements: find, grep, bash (might work with your default shell but YMMV)
# The fixes:
# https://github.com/nette/application/compare/v3.0.5...v3.0.6#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.4.15...v2.4.16#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.3.13...v2.3.14#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.2.9...v2.2.10#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/nette/compare/v2.1.12...v2.1.13#diff-0886800d8d2410f8fcffea5b2e996ee7
# https://github.com/nette/nette/compare/v2.0.18...v2.0.19#diff-0886800d8d2410f8fcffea5b2e996ee7
# The steps:
# find the file
# check if it has the code to be fixed, search for `if (!isset($params['callback'])) {`
# echo the filename if yes
find . \
-name MicroPresenter.php \
-exec grep --silent "^[[:space:]]\+if (\!isset(\$params\['callback'\])) {" {} \; \
-exec echo {} \;
Raw
update-cve-2020-15227.sh
#!/bin/bash
# In-place apply the CVE-2020-15227 nette/application patch
# by @spazef0rze
# Run with `bash update-cve-2020-15227.sh`, works on Linux, FreeBSD, tested on Ubuntu 18.04, FreeBSD 11.4
# This is a universal patcher for all affected versions.
# Requirements: find, grep, sed, bash (might work with your default shell but YMMV)
# The fixes:
# https://github.com/nette/application/compare/v3.0.5...v3.0.6#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.4.15...v2.4.16#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.3.13...v2.3.14#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/application/compare/v2.2.9...v2.2.10#diff-3206dd78561d1e8268bc318718c02134
# https://github.com/nette/nette/compare/v2.1.12...v2.1.13#diff-0886800d8d2410f8fcffea5b2e996ee7
# https://github.com/nette/nette/compare/v2.0.18...v2.0.19#diff-0886800d8d2410f8fcffea5b2e996ee7
# The steps:
# find the file (same as in the "find" script)
# check if it has the code to be fixed, search for `if (!isset($params['callback'])) {` (same as in the "find" script)
# echo the filename if yes (same as in the "find" script)
# create a backup file with a suffix, will create `MicroPresenter.php-nette-autoupdate-backup.<random digits>`
# replace the code above with `$callback = isset($params['callback']) ? $params['callback'] : null; if (!$callback instanceof \Closure) {`
# replace the error message because why not
# ...
# PROFIT!
# I love escaping single quotes inside single-quoted strings, '"'"' FTW HAHAHA NO
find . \
-name MicroPresenter.php \
-exec grep --silent "^[[:space:]]\+if (\!isset(\$params\['callback'\])) {" {} \; \
-exec echo {} \; \
-exec sed -i"-nette-autoupdate-backup.$RANDOM" 's/if (!isset($params\['"'"'callback'"'"'\])) {/$callback = isset($params\['"'"'callback'"'"'\]) ? $params\['"'"'callback'"'"'\] : null;\ if (!$callback instanceof \\Closure) { \/\/ patched to fix CVE-2020-15227/; s/Parameter callback is missing./Parameter callback is not a valid closure./' {} \;
@f3l1x
Copy link

f3l1x commented Oct 16, 2020

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment