When a grep command is executed, the grep function in command.cpp (line 535) calls FileFetching::fetch_all_files_from_dir which itself calls SystemCommands::command_with_output on all subdirectories. The latter function is called iteratively in order to fetch all files in the (sub)directory by executing "ls " + directory_name. If a directory named a;xcalc was created before executing grep, SystemCommands::command_with_output will be called with the command ls and the directory name a;xcalc. Then, the call to popen in file systemcmd.cpp (line 48) will execute the command ls a;xcalc, which will open a calculator.
Exploit commands
login Acidburn
pass CrashOverride
mkdir a;xcalc
grep a
Vulnerability location
The vulnerability is in systemcmd.cpp at line 48: GRASS/src/server/systemcmd.cpp (line 48 in 471ec8d)
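The following is an added example, not code from the GRASS repository: it puts the popen("ls " + name) pattern described in the report next to a shell-free listing built on opendir/readdir, and checks which of the two lets a directory name run as a command. It assumes a POSIX system with a writable /tmp; the function names, the temp path and the harmless marker command touch injected (standing in for xcalc) are constructed for the demonstration.

```cpp
// Added example, not GRASS code; names and paths here are constructed.
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Pattern from the report: the directory name is pasted into a shell command.
void list_with_shell(const std::string &dir) {
    FILE *p = popen(("ls " + dir).c_str(), "r");
    if (!p) return;
    char buf[256];
    while (fgets(buf, sizeof buf, p)) {}  // drain the command's output
    pclose(p);                            // waits for the shell to finish
}

// Shell-free form: opendir/readdir treat every byte of the name as path data.
void list_files(const std::string &dir, std::vector<std::string> &out) {
    DIR *d = opendir(dir.c_str());
    if (!d) return;
    while (dirent *e = readdir(d)) {
        std::string name = e->d_name;
        if (name == "." || name == "..") continue;
        std::string path = dir + "/" + name;
        struct stat st;
        if (lstat(path.c_str(), &st) != 0) continue;  // lstat: symlinks are not followed
        if (S_ISDIR(st.st_mode)) list_files(path, out);
        else if (S_ISREG(st.st_mode)) out.push_back(path);
    }
    closedir(d);
}

struct Result { bool marker; std::vector<std::string> files; };
// Lists a constructed directory named "a;touch injected" and reports whether
// the marker file "injected" appeared, i.e. whether the name ran as a command.
Result run_demo(bool use_shell) {
    Result r; r.marker = false;
    char tmpl[] = "/tmp/grepdemoXXXXXX";
    if (!mkdtemp(tmpl) || chdir(tmpl) != 0) return r;
    const std::string dir = "a;touch injected";
    mkdir(dir.c_str(), 0700);
    if (FILE *f = fopen((dir + "/notes.txt").c_str(), "w")) fclose(f);
    if (use_shell) list_with_shell(dir); else list_files(dir, r.files);
    r.marker = access("injected", F_OK) == 0;
    return r;
}
int main() { std::printf("shell: %d, readdir: %d\n", run_demo(true).marker, run_demo(false).marker); }
```

With the shell variant the marker file appears because /bin/sh splits the name at the semicolon; the readdir variant returns the file inside the oddly named directory and creates nothing.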