CVE-2022-39224

This exercise covers the exploitation of CVE-2022-39224.

PRO Tier · Medium · 2-4 Hrs. · 60 · Media Badge · Course

This challenge explores a vulnerability in the Ruby library used for parsing RPM files, inspired by CVE-2022-39224. The issue allows command execution due to improper handling of the payload compressor retrieved from the RPM file. By examining the advisory and patches, you will understand how the vulnerability was introduced and subsequently fixed.

To exploit this vulnerability, you will need to locate an RPM file, preferably a small one, and modify it using a text editor like Vi. The goal is to inject a command that bypasses the intended payload compressor validation, allowing you to execute arbitrary code. This hands-on experience will enhance your understanding of RPM file structures and command injection vulnerabilities.
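
The root cause described above, shown from the fixing side as an added example (not code from this exercise or from the affected library): a compressor name read from an RPM header is untrusted input, so it is matched exactly against an allowlist and run as an argument vector with no shell involved. The allowlist contents and every function name here are assumptions made for illustration.

```ruby
require "open3"

# Hypothetical allowlist: header compressor value => argv that decompresses
# stdin to stdout. Anything not listed here is refused.
DECOMPRESSORS = {
  "gzip"  => %w[gzip -dc],
  "bzip2" => %w[bzip2 -dc],
  "xz"    => %w[xz -dc],
  "lzma"  => %w[xz --format=lzma -dc],
  "zstd"  => %w[zstd -dc],
}.freeze

class UnsupportedCompressor < StandardError; end

# Unsafe pattern, shown for contrast and never executed here: the header
# value becomes part of a shell command line, so the shell parses
# whatever characters the file's author placed in it.
def unsafe_command_line(compressor_tag)
  "#{compressor_tag} -d"
end

# Hardened lookup: exact string match only. Case variants, trailing
# whitespace, empty values and nil all raise instead of reaching a process.
def decompressor_argv(compressor_tag)
  DECOMPRESSORS.fetch(compressor_tag.to_s) do
    raise UnsupportedCompressor,
          "unsupported payload compressor: #{compressor_tag.inspect}"
  end
end

# Runs the chosen decompressor from an argv array. With more than one
# argv element Ruby execs the program directly, so no shell is spawned.
def decompress(compressor_tag, data)
  argv = decompressor_argv(compressor_tag)
  out, status = Open3.capture2(*argv, stdin_data: data, binmode: true)
  raise "decompressor exited with #{status.exitstatus}" unless status.success?
  out
end
```

When reviewing a parser for this class of bug, look for any header or metadata field that flows into `system`, backticks, `IO.popen` or `%x` as a single interpolated string.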
