Fun stuff. Serious question though: if you know the cookie signing key, can't you just mint yourself an admin session? Is the YAML vuln required to exploit this issue?
I certainly did read the writeup. Did you read my comments? I'm not sure what exactly you're disagreeing with. I can see this leading to RCE in a number of scenarios: - default/abandoned mysql install with default root…
> Giving FILE permissions to MySQL users is "fairly common"? When... did I say that? I said: a file write primitive on a server is fairly common. e.g. a PHP web app that lets you upload a file to some directory on the…
You're arguing authenticated vs unauthenticated remote code execution. Given MySQL creds and a (fairly common) file write primitive (file upload functionality, log injection, etc) that in itself should not qualify as a…
Fun stuff. Serious question though: if you know the cookie signing key, can't you just mint yourself an admin session? Is the YAML vuln required to exploit this issue?
I certainly did read the writeup. Did you read my comments? I'm not sure what exactly you're disagreeing with. I can see this leading to RCE in a number of scenarios: - default/abandoned mysql install with default root…
> Giving FILE permissions to MySQL users is "fairly common"? When... did I say that? I said: a file write primitive on a server is fairly common. e.g. a PHP web app that lets you upload a file to some directory on the…
You're arguing authenticated vs unauthenticated remote code execution. Given MySQL creds and a (fairly common) file write primitive (file upload functionality, log injection, etc) that in itself should not qualify as a…