Thread of 2 posts
jump to replies
joernchen 
(open profile)
Last Christmas I popped a shell¹ on http://hg.mozilla.org
Here's the fix:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/0b02dd442661b4ada84e4c6dea58ab62cb8fbaca
Can you explain the bug?
FAQ:
- This is an authenticated vuln
- I'll post a writeup in the next days
- Yes, RTFM helps ... as usual
¹) actually it was two shells
joernchen
(open profile)
The other shell I got was via some funky LDAP truncation issue. Check out the write up at https://0day.click/recipe/pash/
2 replies
back to top
@joern you could add arbitrary data to the config if your description had a newline?
joernchen
(open profile)
pretty close.