CVE-2022-39224

This exercise covers the exploitation of CVE-2022-39224

PRO
Tier
Medium
2-4 Hrs.
59
Media Badge

Course


This challenge explores a vulnerability in the Ruby library used for parsing RPM files, inspired by CVE-2022-39224. The issue allows command execution due to improper handling of the payload compressor retrieved from the RPM file. By examining the advisory and patches, you will understand how the vulnerability was introduced and subsequently fixed.

To exploit this vulnerability, you will need to locate an RPM file, preferably a small one, and modify it using a text editor like Vi. The goal is to inject a command that bypasses the intended payload compressor validation, allowing you to execute arbitrary code. This hands-on experience will enhance your understanding of RPM file structures and command injection vulnerabilities.

Want to learn more? Get started with PentesterLab Pro! GO PRO