
GNU Wget - dawid_golunski
http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-Vulnerability-Exploit.txt
======
dawid_golunski
GNU Wget before 1.18 when supplied with a malicious URL (to a malicious or
compromised web server) can be tricked into saving an arbitrary remote file
supplied by an attacker, with arbitrary contents and filename under the
current directory and possibly other directories by writing to .wgetrc.
Depending on the context in which wget is used, this can lead to remote code
execution and even root privilege escalation if wget is run via a root cronjob
as is often the case in many web application deployments.

Full advisory and exploit at:

[http://legalhackers.com/advisories/Wget-Arbitrary-File-
Uploa...](http://legalhackers.com/advisories/Wget-Arbitrary-File-Upload-
Vulnerability-Exploit.txt)

Regards, Dawid Golunski

