an RCE (remote command execution) approach of CVE-2018-7750
Exploit Title: Paramiko < 2.4.1 - Remote Code Execution
Date: 2018-11-06
Exploit Author: jm33-ng
Vendor Homepage: https://www.paramiko.org
Software Link: https://github.com/paramiko/paramiko/archive/2.4.0.tar.gz
Version: < 1.17.6, 1.18.x < 1.18.5, 2.0.x < 2.0.8, 2.1.x < 2.1.5, 2.2.x < 2.2.3, 2.3.x < 2.3.2, and 2.4.x < 2.4.1
Tested on: Multiple platforms
CVE: CVE-2018-7750
This PoC provides a way to execute arbitrary commands via paramiko SSH server, using CVE-2018-7750.
Details about CVE-2018-7750: https://github.com/paramiko/paramiko/issues/1175
The original PoC, which makes use of SFTP, can be found at https://www.exploit-db.com/exploits/45712
Aucun commentaire:
Enregistrer un commentaire