Remote Code Execution in realms-wiki install.sh
by Javantea
Mar 15, 2015
Product: Realms Wiki
Website: http://realms.io/
Github: https://github.com/scragg0x/realms-wiki
CVSS Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
On line 20 of realms-wiki install.sh, a GPG key that is requested via HTTP is
CSRF in Realms Wiki
Vulnerability Report
Mar 19, 2015
Product: Realms Wiki
Website: http://realms.io/
Github: https://github.com/scragg0x/realms-wiki
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Realms Wiki is vulnerable to Cross-Site Request Forgery on all posts.
Especially of concern are N
www.nsec.io - northsec.eventbrite.ca
NorthSec 2015, one of the biggest applied security events in Canada,
is coming up in Montreal May 21-24, with a 2-day technical conference
followed by a 48h on-site CTF.
The full line-up of speakers has been announced at
https://www.nsec.io/speakers featuring:
*