wget prior to 1.16 (SECURITY ALERT!) 10-29-2014


2 years ago
wget prior to 1.16 allows for a web server to write arbitrary files on the client side.

A Metasploit module is available for testing:

https://github.com/rapid7/metasploit-fr ... /pull/4088

the disclosure is here:

https://community.rapid7.com/community/ ... tem-access

Redhat's bug is here:

https://bugzilla.redhat.com/show_bug.cgi?id=1139181

Reply

You are not logged in. Login or register to reply on this thread.