[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Vulnerability

From: Rakesh Mane
Subject: Security Vulnerability
Date: Sun, 7 Feb 2016 16:01:49 +0530

While playing with Terminal I noticed a weird behavior which can turn into a security vulnerability.
I'm not sure if it's actually a bug or a feature but I thought to report it anyway.

Details :
Whenever we enter "*" as command, shell looks for the files in current directory and executes the filename as a shell command.
For example :

$ touch id
$ ls
$ *
uid=10191(u0_a191) gid=10191(u0_a191) groups=1015(sdcard_rw),1028(sdcard_r),3003(inet),9997(everybody),50191(all_a191) context=u:r:untrusted_app:s0

In above example I created a file named "id" in an empty directory and then entered "*" as command. After that the "id" command got executed.

In real life, if an attacker founds a command injection vulnerability in some system then he can use this flaw to bypass filters or waf's by simply uploading a file having a command as filename (example: reboot) and then by sending "*" as command.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]