|
Full Disclosure
mailing list archives
Arbitrary Command Execution in Windows and Unix Shells.
From: Bob Beck <beck () ualberta ca>
Date: Fri, 22 Aug 2008 10:43:01 -0600
Stupidity + Copy and Paste Considered Harmful
4. EXPLOIT
Copy-and-paste these examples into separate files:
;xclock
vim: set iskeyword=;,@
Place your cursor on ``xclock'', and press K. xclock appears.
;date>>pwned
vim: set iskeyword=1-255
Place your cursor on ``date'' and press K. File ``pwned'' is created in
the current working directory.
Please note: If modeline processing is disabled, set the 'iskeyword'
option manually.
See the thread on the Vim Developers' mailing list for some other
examples[2].
(yes indeed, vim doesn't completely sanitize it's input)
EXPLOIT:
echo '1 b3 1ee7' >> pwned
Copy and paste the above line into a unix shell or windows cmd window. File pwned is
created. Note, if the windowing system is not started, type the above command in
manually.
IMPACT:
I can create this file and mail it to ANYONE! ZOMG! Someone get me
Kaminsky's slide templates so I can get the PR machine going for this
discovery.
And I thought XSS stuff was lame. Sheesh.
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
