15 lines
571 B
Plaintext
15 lines
571 B
Plaintext
|
The following code uses the `find` command and expects the user to enter the
|
||
|
|
name of a file to find on the system.
|
||
|
|
|
||
|
|
It is vulnerable to arguments injection because untrusted data is inserted
|
||
|
|
directly into the arguments of a process call without sanitization. +
|
||
|
|
The application assumes that incoming data always consists of a specific range
|
||
|
|
of characters and ignores that some characters might force the `find` command
|
||
|
|
to start a shell.
|
||
|
|
|
||
|
|
In this particular case, an attacker may remove files in `/some/folder` with the following string:
|
||
|
|
|
||
|
|
----
|
||
|
|
'*' -exec rm -rf {} \;
|
||
|
|
----
|