Re: xdg-open RCE

Posted by Brandon Perry on Nov 17

This is very similar to this gksu bug (which only applies to gksu when in
SU_MODE)

http://savannah.nongnu.org/bugs/?40023

Attempted to email the gksu ‘maintainer’, but with no response.

Did a quick write up on the Rapid7 site on how I found out about it and the
vector I was using to exploit it:

https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu

Was assigned the following…

Leave a Reply