This repository contains a Proof of Concept (POC) script for the xz vulnerability
sources: https://www.openwall.com/lists/oss-security/2024/03/29/4
The provided Python script demonstrates the xz vulnerability by dynamically creating a malicious input file and executing the xz command with that file as input. Additionally, it opens a command shell after executing the exploit, and then deletes the exploit file and the symbolic or hard link. The script works on Linux, Windows, and macOS platforms.
- Clone this repository or download the script as a ZIP file.
- Extract the files if necessary.
- Run the script using Python:
python exploit.py
- The script has been tested on the latest Python 3.x versions.
- For educational and security research purposes only. Use it responsibly and always seek permission before testing vulnerabilities on systems that you don't own or control.
This repository is intended for educational and security research purposes only. The author is not responsible for any misuse or damage caused by the use of this script.
This repository is licensed under the MIT License.
Please don't forget to give us a star on GitHub ⭐️