From 8001cd78a20a90b8e37bf390fbbb94bfec3abcee Mon Sep 17 00:00:00 2001 From: "Jan Vales (Someone)" Date: Fri, 17 Jan 2020 22:35:56 +0000 Subject: [PATCH] wrong CVE :/ --- writeups/writeups/someone/seccon19.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/writeups/writeups/someone/seccon19.md b/writeups/writeups/someone/seccon19.md index ee366c1..15595f3 100644 --- a/writeups/writeups/someone/seccon19.md +++ b/writeups/writeups/someone/seccon19.md @@ -140,7 +140,7 @@ After more than a hour of trying to get a classical path traversal to work. Fina Frustrated by the lack of any success or progress in exploiting ruby's string-interpolation I turned back to Dir.glob and wanted to understand, how it worked in full detail and started googling. Turns out: + It is widely used exactly the same in real-world, which normally is a bad sign for CTFs. + The matching works like a bash's globbing and not like regex. -+ There is a relatively recent CVE: ``CVE-2019-5418``. ++ There is a relatively recent CVE: ``CVE-2018-8779``. + null-byte-injection it is! + For some weird reason only the part AFTER the null-byte is matched, in case of a null-byte. -- 2.43.0
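Review bot: The replaced bullet in the hunk at line 140 of seccon19.md still gives the CVE id bare, with no link and no word on which component it covers, and that is how the wrong id went unnoticed the first time. The neighbouring context lines are specifically about `Dir.glob` and null-byte handling, so please check the advisory text for ``CVE-2018-8779`` against that behaviour before merging. Extending the bullet with the affected API and a reference URL would let readers verify it themselves. The subject "wrong CVE :/" would also be more useful in the log if it named the old and new ids.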