VIM RCE via crafted textfile #11973

sempervictus · 2019-06-12T22:21:07Z

Everyone knows those "swears by vim and only vim" coders. https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md might make them swear more.

h00die · 2019-06-12T22:42:12Z

Looks like a trivial rce!

wvu · 2019-06-12T22:42:14Z

I asked @busterb if he wanted to do this, since he was already looking at it.

OJ · 2019-06-12T22:42:57Z

I've tried to repro this on so many installs, and none of them worked out of the box.

wvu · 2019-06-12T22:49:10Z

That's a good data point. Thank you!

wvu · 2019-06-12T22:49:37Z

wvu@kharak:~$ grep nomodeline .vimrc*
.vimrc.after:set nomodeline
.vimrc.orig:set nomodeline
wvu@kharak:~$

philmenow · 2019-06-26T12:05:50Z

I've been trying to get my phone rooted for some time now.when I do I'm going to learn so I can show other's.

wvu · 2019-06-26T15:38:56Z

Are you going to write a video in Vim?

h00die added easy suggestion Suggestions for new functionality labels Jun 12, 2019

bcoles added suggestion-module New module suggestions and removed suggestion Suggestions for new functionality labels Mar 25, 2021

Provide feedback