Full Disclosure mailing list archives
KeepNote 0.7.8 Remote Command Execution
From: Rio Sherri <rio.sherri () fshnstudent info>
Date: Thu, 29 Sep 2016 14:41:05 +0200
# Title : KeepNote 0.7.8 Remote Command Execution # Date : 29/09/2016 # Author : R-73eN # Twitter : https://twitter.com/r_73en # Tested on : KeepNote 0.7.8 (Kali Linux , and Windows 7) # Software : http://keepnote.org/index.shtml#download # Vendor : ~ # # DESCRIPTION: # # When the KeepNote imports a backup which is actuallt a tar.gz file doesn't checks for " ../ " characters # which makes it possible to do a path traversal and write anywhere in the system(where the user has writing permissions). # This simple POC will write to the /home/root/.bashrc the file test.txt to get command execution when the bash is run. # There are a lot of ways but i choose this just for demostration purposes and its supposed we run the keepnote application # as root (default in kali linux which this bug is tested). # #
Attachment:
exploit.py
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- KeepNote 0.7.8 Remote Command Execution Rio Sherri (Sep 29)