Pastebin
Paste #3200: wget prior to 1.16 allows for a web server to write arbitrary files on the client side
< previous paste - next paste>
Pasted by Anonymous Coward
wget prior to 1.16 allows for a web server to write arbitrary files on the client side. A Metasploit module is available for testing: https://github.com/rapid7/metasploit-framework/pull/4088 the disclosure is here: https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access Redhat's bug is here: https://bugzilla.redhat.com/show_bug.cgi?id=1139181
New Paste
Go to most recent paste.
 
      