Path Abuse
env | grep PATH
or echo $PATH
.
If we can modify a user's path, we could replace a common binary such as ls
with a malicious script such as a reverse shell. If we add .
to the path by issuing the command PATH=.:$PATH
and then export PATH
, we will be able to run binaries located in our current working directory by just typing the name of the file
References
Last updated