emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
* RCE through Org-protocol and org-babel
@ 2019-02-26  5:31 Ring <3 Rootkitty
  0 siblings, 0 replies; only message in thread
From: Ring <3 Rootkitty @ 2019-02-26  5:31 UTC (permalink / raw)
  To: emacs-orgmode

Hi all,

Some time ago I discovered a method of executing remote code by
controlling the content sent over org-protocol, escaping the capture
template, and embedding a org-babel code block.

Details are outlined in the blog post bellow.
https://rootkitty.tech/post/rce-emacs-capture/

I don't really know if this is the right place to send it, but hey it's
best that people are aware that this is possible, even if it involves
user interaction to some extent.

-- 
Ring <3 Rootkitty
https://rootkitty.tech

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2019-02-26  5:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-26  5:31 RCE through Org-protocol and org-babel Ring <3 Rootkitty

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).