0day.today - 世界最大的漏洞利用数据库。
- 我们唯一的域名:http://0day.today
- 我们大多数的材料都完全免费
- 如果你想购买漏洞利用 / 获取V.I.P.权限 或者使用其他付费服务,
你需要购买或者赢取金币
金币
本站管理员使用官方账号。请谨防诈骗!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
联系我们
你可以由此方式联系我们:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Microsoft VSCode Python Extension - Code Execution Exploit
[# VSCode Python Extension Code Execution This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the [Visual Studio Code](https://code.visualstudio.com/) Python extension. >TL;DR: VScode may use code from a virtualenv found in the project folders without asking the user, for things such as formatting, autocompletion, etc. This insecure design leads to arbitrary code execution by simply cloning and opening a malicious Python repository. You can read more about this vulnerability on our blog: [https://blog.doyensec.com/2020/03/16/vscode_codeexec.html](https://blog.doyensec.com/2020/03/16/vscode_codeexec.html). ## HowTo - Clone the 'malicious' repository with `git clone https://github.com/doyensec/VSCode_PoC_Oct2019.git` - Add the cloned repo to a VSCode workspace on macOS. Note that the vulnerability affects all platforms, but the PoC is executing *Calculator.app* - Open `test.py` in VScode Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48231.zip # 0day.today [2024-06-30] #