My writeup for PKU GeekGame 2nd
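GeekGame 2nd Writeup by mariodon. Sign-in: When I first worked on this challenge I was a bit confused, because I opened the PDF in a browser and, just like last year, Ctrl + A, Ctrl + C copied the flag right out; I really thought they had set the same sign-in challenge as last year. Only later, when reading the questionnaire, did I notice that the PDF had copying disabled. The moral of this story is that choosing the right tool still matters; it can save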
The Score extension up to and including 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with the ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code.
Vulnerable Product |
---|
mediawiki score |