RedPanda - HTB [Discussion]
I think priv esc has something to do with logparser in final-1.0-jar-with-dependencies.jar, but not quite sure what?

Reply
we could try log poisoning the /opt/panda_search/redpanda.log with || in user agent but not sure where to go with that
Reply
(July 9, 2022, 10:22 PM)OldName2 Wrote: we could try log poisoning the /opt/panda_search/redpanda.log with || in user agent but not sure where to go with that


That could be useful to bypass the (!isImage(line)) check since it passes the whole line and only checks it with contains(".jpg")

Reply
Also, the /opt/cleanup.sh indicated that we have to do something with a jpg and an xml file?
Reply
Does it have something to do with "jdom2 XXE" (CVE)?
Reply
(July 9, 2022, 10:42 PM)Truss46 Wrote: Does it have something to do with "jdom2 XXE" (CVE)?


It has got to be something like that.

Reply
(July 9, 2022, 10:47 PM)11231123 Wrote:
(July 9, 2022, 10:42 PM)Truss46 Wrote: Does it have something to do with "jdom2 XXE" (CVE)?


It has got to be something like that.


The MainController.java looks for /export.xml

and the cleanup.sh indicates the location of the xml.
Reply
(July 9, 2022, 10:47 PM)11231123 Wrote:
(July 9, 2022, 10:42 PM)Truss46 Wrote: Does it have something to do with "jdom2 XXE" (CVE)?


It has got to be something like that.


<dependency>
        <groupId>org.jdom</groupId>
        <artifactId>jdom2</artifactId>
        <version>2.0.6.1</version>
</dependency>
<dependency>

2.0.6.1 is fixed
Reply
I don't get any further :(
Reply
panda_search-0.0.1-SNAPSHOT.jar ?


now that I've noticed that I'm part of a group called logs
Reply

