CVE-2022-4510 PoC — Path Traversal in binwalk

Source

https://github.com/Kalagious/BadPfs-CVE-2022-4510

Associated Vulnerability

Title:Path Traversal in binwalk (CVE-2022-4510)
Description:A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

Description

Python script that generates pfs payloads to exploit CVE-2022-4510

Readme

# BadPfs
Python script that generates pfs payloads to exploit CVE-2022-4510

Simply create a pfs payload using the script. When binwalk is run with -e on the payload, a file can be overwritten with the permission of binwalk.

This example will overwrite /etc/sudoers with the contents of ./data when it is opened with -e through binwalk. This is a great way to privesc.
```
# python3 BadPfs.py --out=payload.pfs --data=./data --target=/etc/sudoers
```

File Snapshot


 [4.0K]  /data/pocs/b8d69ee1aa88ac6f14d79ee349954c6eabbda65f
├── [ 888]  BadPfs.py
└── [ 452]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!