admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-03 09:13:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
37b9ea2d266cf821f156dccaf7e7bbcf958d5ca6
nuclei-templates/code/linux/audit/root-path-dot.yaml
pussycat0x 4b559b570a Linux Audit Templates Directory - Change
2025-08-21 11:57:32 +05:30

28 lines
862 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: root-path-dot
info:
name: Root PATH Contains Current Directory
author: songyaeji
severity: high
description: |
root users PATH environment variable included the current directory (“.”).This allowed scripts or binaries in the working directory to be executed with root privileges. The misconfiguration resulted in potential privilege escalation and unsafe behavior.
reference:
- https://isms.kisa.or.kr/main/csap/notice/
- https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
metadata:
verified: true
tags: local,linux,audit,privesc,kisa
self-contained: true
code:
- engine:
- sh
source: |
echo $PATH | grep -Eq '(^\.?:|:.:|:\.$|^\.$)' && echo "dot-in-path" || echo "safe-path"
matchers:
- type: word
part: response
words:
- "dot-in-path"
Reference in New Issue View Git Blame Copy Permalink