lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKvdgaO5m53xO-NTieHVYicfBKgWFD4zrt=KRkg7bpWKcnV3wQ@mail.gmail.com>
Date: Thu, 29 Sep 2016 14:41:05 +0200
From: Rio Sherri <rio.sherri@...nstudent.info>
To: fulldisclosure <fulldisclosure@...lists.org>
Subject: [FD] KeepNote 0.7.8 Remote Command Execution

# Title : KeepNote 0.7.8 Remote Command Execution
# Date : 29/09/2016
# Author : R-73eN
# Twitter : https://twitter.com/r_73en
# Tested on : KeepNote 0.7.8 (Kali Linux , and Windows 7)
# Software : http://keepnote.org/index.shtml#download
# Vendor : ~
#
# DESCRIPTION:
#
# When the KeepNote imports a backup which is actuallt a tar.gz file
doesn't checks for " ../ " characters
# which makes it possible to do a path traversal and write anywhere in the
system(where the user has writing permissions).
# This simple POC will write to the /home/root/.bashrc the file test.txt to
get command execution when the bash is run.
# There are a lot of ways but i choose this just for demostration purposes
and its supposed we run the keepnote application
# as root (default in kali linux which this bug is tested).
#
#

View attachment "exploit.py" of type "text/x-python" (1623 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ