[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] Wget - acess list bypass / race condition PoC

From: Dawid Golunski
Subject: [Bug-wget] Wget - acess list bypass / race condition PoC
Date: Sun, 14 Aug 2016 18:17:54 -0300


I'm attaching the PoC to this email.
As you can see, this scenario doesn't require attacker to have access
to the filesystem (as was suggested earlier in the thread on
oss-security group) ,and  attacker is able to supply his URL as per
'import from URL' functionality which is common in many apps today.

Hope this helps. I'd like to publish the advisory as soon as possible
so please issue appropriate patches / update documentation if


Dawid Golunski

Attachment: Wget-Race-Condition-Accesslist-Bypass-Vulnerability.txt
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]