You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create the following useles but valid script in a directory containing an equal sign (=), e.g.
c:\temp\=PSTest\Test.ps1
Enum State {
Unknown =1
New =2
}
Start the Script. You'll get:
The given assembly name or codebase was invalid. (Exception from HRESULT: 0x80131047)
…
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], FileLoadException
+ FullyQualifiedErrorId : System.IO.FileLoadException
Expected behavior
It's obvious: No valid character in the path of a PowerShell Script is allowed to affect the Script execution.
Actual behavior
PowerShell stops working with an exception because characters in the path of a PowerShell script can affect the PowerShell runtime.
I guess that a hacker is able to control powershell just by using special characters in the path of a script because PowerShell probably tries to interpret those characters.
Environment data
>$PSVersionTable
Name Value
---------
PSVersion 5.1.16299.98
PSEdition Desktop
PSCompatibleVersions {1.0,2.0,3.0,4.0...}
BuildVersion 10.0.16299.98
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Steps to reproduce
c:\temp\=PSTest\Test.ps1
Enum State { Unknown = 1 New = 2 }Expected behavior
It's obvious: No valid character in the path of a PowerShell Script is allowed to affect the Script execution.
Actual behavior
PowerShell stops working with an exception because characters in the path of a PowerShell script can affect the PowerShell runtime.
I guess that a hacker is able to control powershell just by using special characters in the path of a script because PowerShell probably tries to interpret those characters.
Environment data