by vicarius
log in join community
by @secatgourity
15 Aug 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Analyzing chromedriver command injection PoC (CVE-2023-26156)

by @secatgourity
by @secatgourity
15 Aug 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Analyzing chromedriver command injection PoC (CVE-2023-26156)

CVEs

CVE-2023-26156
7.5 High Severity

Screenshots from the blog posts

images/clzs1msthjq6a1in9ehjl7eow.jpgimages/clzs1msthjq6a1in9ehjl7eow.jpg

Summary

In this post, we will understand how to exploit chromedriver package vulnerable to command injection vulnerability (CVE-2023-26156).

Script link

Package chromedriver: possible to do command injection by manipulating the arguments.

Package chromedriver: possible to do command injection by manipulating the arguments. - chromedriver-115.0.1_poc.js

image

Description

Tags

#exposed_to_RCE_attack#open-source#trending#nodejs#command-injection#chromedriver#npm

@secatgourity

190 posts

Total vcoins

0

Social media links

Comments (0)