RCE through Org-protocol and org-babel

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

* RCE through Org-protocol and org-babel
@ 2019-02-26  5:31 Ring <3 Rootkitty
  0 siblings, 0 replies; only message in thread
From: Ring <3 Rootkitty @ 2019-02-26  5:31 UTC (permalink / raw)
  To: emacs-orgmode

Hi all,

Some time ago I discovered a method of executing remote code by
controlling the content sent over org-protocol, escaping the capture
template, and embedding a org-babel code block.

Details are outlined in the blog post bellow.
https://rootkitty.tech/post/rce-emacs-capture/

I don't really know if this is the right place to send it, but hey it's
best that people are aware that this is possible, even if it involves
user interaction to some extent.

-- 
Ring <3 Rootkitty
https://rootkitty.tech

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2019-02-26  5:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-26  5:31 RCE through Org-protocol and org-babel Ring <3 Rootkitty

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.