[O] RCE through Org-protocol and org-babel

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[O] RCE through Org-protocol and org-babel

From:	Ring \<3 Rootkitty
Subject:	[O] RCE through Org-protocol and org-babel
Date:	Tue, 26 Feb 2019 16:31:22 +1100
User-agent:	mu4e 1.0; emacs 27.0.50

Hi all,

Some time ago I discovered a method of executing remote code by
controlling the content sent over org-protocol, escaping the capture
template, and embedding a org-babel code block.

Details are outlined in the blog post bellow.
https://rootkitty.tech/post/rce-emacs-capture/

I don't really know if this is the right place to send it, but hey it's
best that people are aware that this is possible, even if it involves
user interaction to some extent.

-- 
Ring <3 Rootkitty
https://rootkitty.tech

[Prev in Thread]

Current Thread

[Next in Thread]

[O] RCE through Org-protocol and org-babel, Ring \<3 Rootkitty <=

Prev by Date: Re: [O] Org can't export inline image link to PDF
Next by Date: Re: [O] Bug: Can't access org agenda custom command [9.2.1 (9.2.1-33-g029cf6-elpaplus @ /home/gustavo/.emacs.d/elpa/org-plus-contrib-20190225/)]
Previous by thread: [O] Bug: Can't access org agenda custom command [9.2.1 (9.2.1-33-g029cf6-elpaplus @ /home/gustavo/.emacs.d/elpa/org-plus-contrib-20190225/)]
Next by thread: [O] Buggy output in bash session
Index(es):
- Date
- Thread