

Posted by Anonymous on Wed 29th Oct 2014 07:12

wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

The disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Red Hat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181
