Abusing scripts

Command Injection w/ Scripts

This bit of code on in a script (being ran as root) isn't using the full path of another script when calling upon it. We can simply place a script in the pwd to run instead of it

If source code is being handed to you, READ IT

This is python2 because there are no () on the print. Code execution is possible with the input function in python2

__import__('os').system('/bin/bash')
PreviousWild CardsNextRestricted shell escaping

Last updated