|    |    |    | Today: 17-Dec-2017 |

Mercurial Custom hg-ssh Wrapper Remote Code Execution

November 1, 2017 | Posted in ExploitAlert

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.


Source: Mercurial Custom hg-ssh Wrapper Remote Code Execution

Taged in: Exploit