1N3 Posted January 21, 2015

As a pentester, I find myself checking random fields and forms for arbitrary code execution and came across a code execution flaw in the log viewer infusion for the Pineapple. This isn't technically a vulnerability since you need to be logged in as root but it's still unintended functionality resulting in arbitrary code execution.... Regardless of the impact, I enjoy finding things like this so here it is... enjoy! https://www.youtube.com/watch?v=I_i2RhfB-Z8

Sebkinne Posted January 21, 2015

Yeah, we are going over all the inputs and fixing them. Of course, as you said, you need root access to the WiFi Pineapple for this to work. As an attacker, it would be better to just SSH in or use the "execute commands" field in the configuration infusion. We appreciate any feedback we get!

1N3 Posted January 22, 2015

Cheers Seb! Don't mind me... I just like finding weird little bugs like this... great product/project btw!