A fun gadget I found recently! The .NET JIT compiler makes sure there are no rwx pages by using a memfd, but that turns file writes into straight shellcode execution 🐚
pspaul
Shellcode execution as a service!
To exploit an argument injection in Jellyfin, we searched and found a gadget in the .NET runtime to turn file writes into code execution. Learn about the bug and this new technique in our blog post:
www.sonarsource.com/blog/jellyfi...
#appsec #vulnerability
Explore a Jellyfin remote code execution flaw where inconsistent validation enables FFmpeg argument injection and unauthenticated code execution.
