This commit is contained in:
parent
9d05243d2b
commit
0b4d99702f
1 changed files with 4 additions and 1 deletions
|
@ -80,7 +80,10 @@ def validate(cmd : str):
|
|||
return True
|
||||
```
|
||||
|
||||
It seems like as long as all of our bash commands are valid under `which`, we're free to go ahead and run it.
|
||||
It seems like as long as all of our bash commands are not valid under `which`, we're free to go ahead and run it.
|
||||
But the `which` command does not use the shell, whereas the `ping` command does, so we can use the shell injection trick of adding empty quoted strings into our commands, like this: `ba""sh`.
|
||||
This will not trip the validation script, but will run bash as we expected.
|
||||
|
||||
I also noticed `flag.txt` is explicitly disallowed.
|
||||
I found `flag.txt` lying in `/`.
|
||||
|
||||
|
|
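Review bot: the paragraph added after the `return True` context (the `which` / `ba""sh` explanation) names the root cause only implicitly; it would help readers if the writeup stated it plainly: `validate` checks the command with `which`, which looks up a literal program name, while the command is later executed through a shell that strips the empty quotes, so the validator and the executor parse different strings. Worth adding one sentence on the fix for that class of bug: validate the same tokens the executor will use (tokenize with shell rules before checking, or run the program without a shell and pass an argument list), rather than patching individual spellings. Separately, the replaced sentence now reads "not valid under `which`", which inverts the removed line's meaning; if that inversion is intentional it deserves a short clarification of what `validate` actually rejects, since the two following paragraphs only make sense under one reading.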