Skip to content

xz-vulnerability-poc (cross platform) This repository contains a Proof of Concept (POC) script for the xz vulnerability

Notifications You must be signed in to change notification settings

AiGptCode/Xz_vulnerability_crossplatform

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 

Repository files navigation

xz-vulnerability-poc (cross platform)

just one click exploit

This repository contains a Proof of Concept (POC) script for the xz vulnerability

Description

sources: https://www.openwall.com/lists/oss-security/2024/03/29/4

The provided Python script demonstrates the xz vulnerability by dynamically creating a malicious input file and executing the xz command with that file as input. Additionally, it opens a command shell after executing the exploit, and then deletes the exploit file and the symbolic or hard link. The script works on Linux, Windows, and macOS platforms.

Usage

  1. Clone this repository or download the script as a ZIP file.
  2. Extract the files if necessary.
  3. Run the script using Python: python exploit.py

Notes

  • The script has been tested on the latest Python 3.x versions.
  • For educational and security research purposes only. Use it responsibly and always seek permission before testing vulnerabilities on systems that you don't own or control.

Disclaimer

This repository is intended for educational and security research purposes only. The author is not responsible for any misuse or damage caused by the use of this script.

License

This repository is licensed under the MIT License.

STAR

Please don't forget to give us a star on GitHub ⭐️