Post by joernchen :cute_dumpster_fire: (@joern@threatactor.club)

:cute_dumpster_fire:

Last Christmas I popped a shell¹ on http://hg.mozilla.org

Here's the fix:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/0b02dd442661b4ada84e4c6dea58ab62cb8fbaca

Can you explain the bug?

FAQ:

This is an authenticated vuln
I'll post a writeup in the next days
Yes, RTFM helps ... as usual

¹) actually it was two shells

:cute_dumpster_fire:

The other shell I got was via some funky LDAP truncation issue. Check out the write up at https://0day.click/recipe/pash/

zhenech @zhenech@chaos.social

@joern you could add arbitrary data to the config if your description had a newline?

:cute_dumpster_fire:

pretty close.