Full Disclosure mailing list archives

KeepNote 0.7.8 Remote Command Execution


From: Rio Sherri <rio.sherri () fshnstudent info>
Date: Thu, 29 Sep 2016 14:41:05 +0200

# Title : KeepNote 0.7.8 Remote Command Execution
# Date : 29/09/2016
# Author : R-73eN
# Twitter : https://twitter.com/r_73en
# Tested on : KeepNote 0.7.8 (Kali Linux and Windows 7)
# Software : http://keepnote.org/index.shtml#download
# Vendor : ~
#
# DESCRIPTION:
#
# When KeepNote imports a backup, which is actually a tar.gz file, it
# does not check for " ../ " characters,
# which makes it possible to do a path traversal and write anywhere in the
# system (where the user has write permissions).
# This simple POC will write the file test.txt to /home/root/.bashrc to
# get command execution when bash is run.
# There are a lot of ways, but I chose this just for demonstration purposes,
# and it is supposed that we run the KeepNote application
# as root (the default in Kali Linux, on which this bug was tested).
#
#

Attachment: exploit.py

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
