C: IFS System() Vulnerability

Tags: c, security, ifs

For educational reasons I have to exploit a piece of C code.

The program sets the egid first, and then comes the vulnerability with the system("/usr/bin/..."); command.

So I made a 'usr' executable in my home directory and set the path to the home directory: PATH=$HOME:$PATH

And I want to change the IFS variable in bash to /: export IFS='/'

Unfortunately, when I call the C program, my exploit doesn't work.

Is anybody able to tell me what is wrong?

nikmaster asked Oct 13 '12 14:10


1 Answer

Add the IFS as part of your program's call to system(). System executes the code with /usr/bin/sh -c. So you can do something similar to what you'd do at the shell prompt.

system("export IFS='/'; /usr/bin/cmd");

Note that once the child process is terminated, the IFS set will no longer be available in the parent.

P.P answered Sep 19 '22 04:09
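
A hardened alternative to the system() call discussed above, as an added example that is not part of the original question or answer: the helper is started with execve() by absolute path and with a constructed environment, so the caller's PATH and IFS never reach a shell. The function name run_fixed_command and the helper path /usr/bin/id are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed minimal environment; nothing is copied from the caller. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Hypothetical helper: runs the program at absolute path `path` with argv[]
 * and clean_env. Returns the child's exit status (0-255), or -1 on failure. */
int run_fixed_command(const char *path, char *const argv[])
{
    if (path == NULL || path[0] != '/')   /* refuse PATH-relative names */
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* execve, not system()/execvp(): no PATH search, no "sh -c" parsing */
        execve(path, argv, clean_env);
        _exit(127);                       /* exec itself failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)               /* retry only on interruption */
            return -1;
    }
    if (!WIFEXITED(status))               /* killed by a signal */
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* /usr/bin/id stands in for the program's real helper (assumption). */
    char *const argv[] = { "id", NULL };
    return run_fixed_command("/usr/bin/id", argv) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```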