This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.
This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.