# Exploit Title: sleuthkit 4.11.1 - Command Injection 
# CVE-2022-45639
# Vendor Homepage:
# Vulnerability Type: Command injection
# Attack Type: Local
# Version: 4.11.1
# Exploit Author: Dino Barlattani, Giuseppe Granato
# Link poc:
# POC:

fls tool is affected by command injection in parameter "-m" when run on
linux system.
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows
attackers to execute arbitrary commands
via a crafted value to the m parameter

when it run on linux, a user can insert in the -m parameter a buffer with
backtick with a shell command.
If it run with a web application as front end it can execute commands on
the remote server.

The function affected by the vulnerability is "tsk_fs_fls()" from the
"fls_lib.c" file

#ifdef TSK_WIN32

   data.macpre = tpre; <---------------

   return tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);


Run command:

$ fls -m `id` [Options]

*Dino Barlattani* <>