As noted in testssl.sh:
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine
The testssl mail program does no input checking on the A records IP data, and simply injects this into the subprocess.run command argument.
From there, testssl.sh will possibly hit the issue noted in its code.
Inserting a bash script into the DNS records data of a domain that is tested will trip this up.
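
One way to close the gap described in this issue, as an added example that is not code from this project: treat every resolved record value as untrusted and accept it only if it parses as a bare IP address before it reaches the argument list. The function names, the `script` path and the sample values are hypothetical; `--ip` is an existing testssl.sh option.

```python
import ipaddress
import re

# Conservative hostname check (assumption: plain letter-digit-hyphen labels only).
_HOSTNAME_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"
)


def clean_ip(value):
    """Return the canonical text of a bare IP address, or None if rejected."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    # Python 3.9+ accepts an IPv6 zone suffix ("%...") made of arbitrary
    # characters, so a value that parses can still carry free text.
    if getattr(ip, "scope_id", None):
        return None
    return str(ip)


def build_testssl_argv(hostname, record_values, script="./testssl.sh"):
    """Build one argv list per validated address; return (argvs, rejected)."""
    # fullmatch avoids the trailing-newline match that "$" would allow.
    if len(hostname) > 253 or not _HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("hostname failed validation")
    argvs, rejected = [], []
    for value in record_values:
        ip = clean_ip(value)
        if ip is None:
            rejected.append(value)  # log and skip; never forward raw text
        else:
            argvs.append([script, "--ip", ip, hostname])
    return argvs, rejected


if __name__ == "__main__":
    # Constructed sample values standing in for resolver output.
    sample = ["192.0.2.10", "192.0.2.11; echo x", "fe80::1%$(echo x)", "2001:db8::1"]
    argvs, rejected = build_testssl_argv("example.com", sample)
    for argv in argvs:
        # Pass each list to subprocess.run(argv) as-is, without shell=True.
        print(argv)
    print("rejected:", rejected)
```

Passing a list without `shell=True` keeps Python from invoking a shell, but the value still reaches testssl.sh, whose own comment says it is not injection safe, so the validation step is the control that matters here.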