Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-2809. PoCs published by Chuzz.
AI-analyzed exploit summary This exploit leverages a command injection vulnerability in uzbl-core due to insecure default configuration. It uses a crafted URI to execute arbitrary commands when a user clicks with the middle mouse button, demonstrating the ability to read /etc/passwd via zenity.
Description
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Exploits (1)
This exploit leverages a command injection vulnerability in uzbl-core due to insecure default configuration. It uses a crafted URI to execute arbitrary commands when a user clicks with the middle mouse button, demonstrating the ability to read /etc/passwd via zenity.