Post AvxfYNuJTTyiwYKtn6 by [email protected]
Post #Avwv6k5qnX3Hkic7UG by [email protected]
0 likes, 1 repeats
"Arbitrary File Read via file:// Protocol in cURL" Well, you see... …
Post #Avwv6kDILr0U7o645g by [email protected]
0 likes, 1 repeats
@bagder O_o That's like a support ticket for "I've deleted the Interne…
Post #AvwxOahqdagflA1dcu by [email protected]
0 likes, 0 repeats
https://hackerone.com/reports/3242087
Post #AvwxOaoEFrn84x0jZY by [email protected]
0 likes, 0 repeats
@bagder Hey @pixelbeat I think cat might have this same, uh, "security iss…
Post #AvwxYnreZReFSsTuIC by [email protected]
0 likes, 1 repeats
@bagder DOOOOOOM
Post #AvwxbynuM0hqGJFCIy by [email protected]
0 likes, 1 repeats
@lyda @bagder @pixelbeat computing would be much, much safer, if files could no…
Post #AvxCRM6YsdckehMSbQ by [email protected]
0 likes, 1 repeats
@bagder actually I see more and more people in this industry that can't disti…
Post #AvxFDMHxhR6b2Ai8uG by [email protected]
0 likes, 1 repeats
@bagder You should demand a reverse bug bounty of not less than 1000€. That…
Post #AvxKim2yTqlvfaV4Ou by [email protected]
0 likes, 0 repeats
@bagder Is there any reason to use file:// with curl?
Post #AvxSoRg3vTtfrizy0O by [email protected]
0 likes, 0 repeats
@0x10f Yes, you have a script that downloads a variety of stuff, why not just l…
Post #AvxWRiX7USgtIbEXfk by [email protected]
0 likes, 0 repeats
@bagder 100% AI slop to make some quick bucks 🤣
Post #AvxaAqE8228Q3QYiZc by [email protected]
0 likes, 1 repeats
@bagder They even just say it: a person using this program can read files they…
Post #Avxf1F719a606rTWmu by [email protected]
0 likes, 0 repeats
@bagder I think this is partially the result of a certain Bash bug years ago tha…
Post #Avxf1mrbfNyEmuWhUG by [email protected]
0 likes, 0 repeats
@[email protected] surely they just jammed a single sentence into AI to ge…
Post #Avxf1mzPCOD1B6Avdw by [email protected]
0 likes, 0 repeats
@froge @bagder I'm negatively impressed by the sheer awfulness of the moder…
Post #Avxf2rSQ4YdLKCG21w by [email protected]
0 likes, 0 repeats
@bagder this is so dumb… it still has the same access rights as the user exec…
Post #AvxfAOYbPI3w0bk40G by [email protected]
0 likes, 0 repeats
@bagder As long as you don't accept redirects to file:// I can't see it…
Post #AvxfAOh6tersQzirGS by [email protected]
0 likes, 0 repeats
@bojidar_bg @bagder Anakin: curl's accepting all redirects
Padme: All but to…
Post #AvxfAOnUVvyKkmhxD6 by [email protected]
0 likes, 0 repeats
@flxtr @bojidar_bg @bagder Anakin: ...
Post #AvxfAOuw4FvX7sBtoW by [email protected]
0 likes, 0 repeats
@f4grx @bojidar_bg @bagder Padme: Right? 😦
Post #AvxfFhAtc9aNCMBHEG by [email protected]
0 likes, 0 repeats
@bagder next, you will be telling me if I pipe the output of curl to sudo bash,…
Post #AvxfFhHHEQgpW9ANAu by [email protected]
0 likes, 0 repeats
@smallsees @bagder but nobody would ever do that...? Oh no!
Post #AvxfHtWCgxRG3pCDK4 by [email protected]
0 likes, 0 repeats
@bagder @GossiTheDog haha, maybe we should enable a „10Cent fee per bug filed…
Post #AvxfJrW56dpaQm4q4O by [email protected]
0 likes, 0 repeats
@bagder works as intended...
Post #AvxfMnykiOuGKOtJ1k by [email protected]
0 likes, 0 repeats
@bagder Same as 'arbitrary command execution' via sudo with ALL=NOPASSW…
Post #AvxfQzdTJkN5dgvyxE by [email protected]
0 likes, 0 repeats
@bagder is someone passing user-supplied URLs to curl in a cgi-bin script?
Post #AvxfUdrSDTqDGVDL7o by [email protected]
0 likes, 0 repeats
@bagder ah the great joys of putting an LLM in front of a greedy idiot
Post #AvxfWQYqdXucawMY2C by [email protected]
0 likes, 0 repeats
@bagder Severity: Critical 9 ~ 10
Post #AvxfYNuJTTyiwYKtn6 by [email protected]
0 likes, 0 repeats
@bagder 😂
Post #AvxfZDquLO9U338uhc by [email protected]
0 likes, 0 repeats
you should use that as description in the man page "FILE Read or write arbitr…
Post #AvxfkEEZGWJIPvSRGa by [email protected]
0 likes, 0 repeats
@bagder these type of reports are a DDOS-attack against free software projects,…
Post #Avxfl2PchgrY2h0yRM by [email protected]
0 likes, 0 repeats
@bagder
Post #Avxfqf0AeksBAon4im by [email protected]
0 likes, 0 repeats
@bagder cat and more have the same security bug, I've been told.
Post #Avxfqf8KAROXa6baQi by [email protected]
0 likes, 0 repeats
@bortzmeyer @bagder I opened Nautilus and it allowed me to see ALL files in my …
Post #AvxfqfFPk549w5vFTs by [email protected]
0 likes, 0 repeats
@brian @bortzmeyer @bagder I am seriously considering to switch to windows over …
Post #Avxfqx9hA5BdTZNw48 by [email protected]
0 likes, 0 repeats
@bagder lol
Post #AvxfumyEyDRJ2xr9Fo by [email protected]
0 likes, 0 repeats
@AndiBarth @bagder same as arbitrary command execution in bash when you boot in…
Post #Avxfus59xuwets8FEW by [email protected]
0 likes, 0 repeats
@mndflayr @bortzmeyer @bagder It's even worse on Windows. Opened "explorer…
Post #AvxfutcWFNDvfckOrw by [email protected]
0 likes, 0 repeats
@bagder it's even worse, http:// can read arbitrary web pages! all the inte…
Post #Avxfxh3RQGYJZDfqLo by [email protected]
0 likes, 0 repeats
@bagder Can I get bug bounty for this: curl can let a user download content tha…
Post #AvxfzX7HLLMJK8LW9w by [email protected]
0 likes, 0 repeats
@bagder well that's clearly CVSS 9.8!
Post #Avxg22KQGiyGhmghfM by [email protected]
0 likes, 0 repeats
@flxtr @bojidar_bg @bagder Right. Just tested it and it does not redirect (beca…
Post #Avxg22Qnt04j1Zfnc0 by [email protected]
0 likes, 0 repeats
@f4grx @flxtr Gah! What a waste of a perfectly good _theoretical_ vulnerability…
Post #Avxg5lNxCk3HJd7Hk0 by [email protected]
0 likes, 0 repeats
@bojidar_bg @bagder ooh, now there's an idea. You can imagine some Web 1.0…
Post #AvxgFYx2HzmbeDCNCC by [email protected]
0 likes, 0 repeats
@bagder please don't feed a troll
Post #AvxgGQ2WuIfYIbB0cK by [email protected]
0 likes, 0 repeats
@bagder "water is wet"
Post #AvxgGQB2OfTUiz9nsW by [email protected]
0 likes, 0 repeats
@ocramius @bagder I wasn't aware, I'm shocked, shocked I tell you
Post #AvxgI33PL4NraZMdVY by [email protected]
0 likes, 0 repeats
@brian @bortzmeyer @bagder GPU drivers facilitate physical attackers to interac…
Post #AvxgJjhOGuA48gs2Ge by [email protected]
0 likes, 0 repeats
@liw @bagder Arbitrary code execution in CURL when piped into `sh`.
Post #AvxgOCPvRJmOMjpV0C by [email protected]
0 likes, 0 repeats
@[email protected] Better report coreutils for cat too, as it is also able…
Post #AvxgPDRX6vUzpy4Akq by [email protected]
0 likes, 0 repeats
@bagder I don't think you understand the severity of this exploit. First, it…
Post #AvxgPDYGhst2ArDYFk by [email protected]
0 likes, 0 repeats
@bagder @mage_of_dragons if the attacker does that they generally also can run …
Post #AvxgQzDqxBusJOVnhg by [email protected]
0 likes, 0 repeats
@bagder lol. lmao, even.
Post #AvxgTU9cv9dMpAj78S by [email protected]
0 likes, 0 repeats
@bagder Wow. This is... something... special...
Post #AvxgeOMmmPpM3k5AUy by [email protected]
0 likes, 0 repeats
@bagder Really? But finally it's the same shit as last week... 🤷‍♂️ B…
Post #AvxgjgDvoZdWtGSjEe by [email protected]
0 likes, 0 repeats
@bortzmeyer @bagder Now, of course, if you run cat or more or curl as suid root…
Post #Avxgn6EzXYS2RwaZJw by [email protected]
0 likes, 0 repeats
@bagder Maybe there is a secret contest for "Who creates the most stupid r…
Post #Avxgn6Lj8Vq4mpjwoq by [email protected]
0 likes, 0 repeats
@treibholz it's gonna be tough to beat some of the ones we already have rec…
Post #AvxgpqXeMiO4d2cs0O by [email protected]
0 likes, 0 repeats
@bagder "if an attacker has the ability to run arbitrary code on the targe…
Post #AvxgsakzVe4OXeAvOy by [email protected]
0 likes, 0 repeats
@f4grx @bojidar_bg @bagder I wouldn't have expected anything else. I just d…
Post #AvxgtKhig8ml2ozxgm by [email protected]
0 likes, 0 repeats
@bagder Mr Tufan: no thanks found, reputation -5. This is fine.
Post #Avxh1XvpNnVeNyVuqW by [email protected]
0 likes, 0 repeats
@bagder "Per project policy for transparency, we want all reports disclose…
Post #Avxh1pXfuKsv0HLshM by [email protected]
0 likes, 0 repeats
@IngaLovinde In my experience quite often not, but that's a layer 8 restric…
Post #AvxhnEXGnfra86lYbQ by [email protected]
0 likes, 1 repeats
@bagder That's a feature, not a bug 😆😂🤦‍♂️
Post #AvxjNV6glXxFu6Brai by [email protected]
0 likes, 1 repeats
@bagder you're clearly lacking a sandbox to defend against this 🫣
Post #Avxji5Wh4KvueGAeHI by [email protected]
0 likes, 0 repeats
@lyda @bagder @pixelbeat did you know what sudo allows an attacker to execute c…
Post #Avxu8YAYCHeKYN4Ptw by [email protected]
0 likes, 0 repeats
@smrqdt fuck if we throw sudo at it, we also have a pretty hefty privilege esca…
Post #Avxu8YHHnF2MtGDnOq by [email protected]
0 likes, 0 repeats
@claudius check out the "proof" attachment in the hacker one report…
Post #AvxuDPO6H2KwlYizJI by [email protected]
0 likes, 0 repeats
@bagder Well... The one finding this "exploit" uses root? Else, he wou…
Post #AvxuFnxfscjRYkVUJ6 by [email protected]
0 likes, 0 repeats
@bagder next up: critical security issue in cat
cat /etc/shadow lets you see the…
Post #AvxuIfwm8NmFZVSHcO by [email protected]
0 likes, 0 repeats
@bagder I mean, this is quite in-your-face. Usually, the equivalent reports jum…
Post #AvxuN2O4dy2iKMItea by [email protected]
0 likes, 0 repeats
@bagder less Privilege Escalation; more Privilege Exasperation
Post #AvxuZ0jgbqDKgG7dM8 by [email protected]
0 likes, 0 repeats
@bagder i can picture the YouTube title: CRITICAL security vulnerability! "…
Post #AvxufYrAf7RIF2kLOC by [email protected]
0 likes, 0 repeats
@nixCraft @bagder as if the begbounty types in the responsible disclosure mailb…
Post #AvxugQ94XIFZVuWt9M by [email protected]
0 likes, 0 repeats
@mage_of_dragons @bagder but does it have a logo, mascot and a theme song.