Pastebin

Paste #3200: wget prior to 1.16 allows for a web server to write arbitrary files on the client side

< previous paste - next paste>

Pasted by Anonymous Coward

Download View as text 

wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-framework/pull/4088

the disclosure is here:

https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

New Paste


Do not write anything in this field if you're a human.

Go to most recent paste.

Backed by:
PG Support
PostgreSQL Professional Services
DebianSupport
Debian Linux Support