I hereby claim:
- I am nutc4k3 on github.
- I am nutcak3 (https://keybase.io/nutcak3) on keybase.
- I have a public key ASD4oGEiz66w_yCZ-uxwgD1XDVfb9BN9jVyMml6VKaYhdQo
To claim this, I am signing this object:
nutc4k3
/ keybase.md
Created
June 10, 2021 22:33
nutc4k3
/ CVE-2020–28695.txt
Created
March 29, 2021 18:43
— forked from caioluders/CVE-2020–28695.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter | |
| ------------------------------------------------------------------------------ | |
| The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below. | |
| if (iVar1 != 0) { | |
| system("killall ping traceroute > /dev/null 2>&1"); | |
| __format = "ping %s -c %s -I %s> %s&"; | |
| puVar4 = auStack10144; |
nutc4k3
/ Oh my zsh with autosuggestions & syntax-highlighting.md
Created
June 6, 2020 15:23
— forked from dogrocker/Oh my zsh with autosuggestions & syntax-highlighting.md