CVE-2022-26488 PoC — Python 代码问题漏洞

Source

https://github.com/techspence/PyPATHPwner

Associated Vulnerability

Title:Python 代码问题漏洞 (CVE-2022-26488)
Description:Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。urllib是其中的一个用于处理URL的模块。 Python 存在安全漏洞，该漏洞源于Python Core 缺少权限的限制。攻击者利用该漏洞可以通过Windows安装程序绕过Python Core的限制，以进行特权提升。

Description

POC Exploit for CVE-2022-26488 - Python for Windows (CPython) escalation of privilege vulnerability, discovered by the Lockheed Martin Red Team.

Readme

POC Exploit for CVE-2022-26488 - Python for Windows (CPython) escalation of privilege vulnerability, discovered by the Lockheed Martin Red Team.

File Snapshot


 [4.0K]  /data/pocs/6eccfe932fd7b1d65986fbd3211297f58a367b9f
├── [2.7K]  adduser.c
├── [ 11K]  Invoke-PyPATHPwner.ps1
├── [1.9K]  LICENSE.txt
└── [ 144]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!