admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
74ee3d96f82c98ef601d71907b3f73ae5843decb
nuclei-templates/code/linux/audit/root-path-dot.yaml
ghost 814b1b169f chore: sign templates 🤖
2025-08-21 12:45:03 +00:00

29 lines
1.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
id: root-path-dot
info:
name: Root PATH Contains Current Directory
author: songyaeji
severity: high
description: |
root users PATH environment variable included the current directory (“.”).This allowed scripts or binaries in the working directory to be executed with root privileges. The misconfiguration resulted in potential privilege escalation and unsafe behavior.
reference:
- https://isms.kisa.or.kr/main/csap/notice/
- https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
metadata:
verified: true
tags: local,linux,audit,privesc,kisa
self-contained: true
code:
- engine:
- sh
source: |
echo $PATH | grep -Eq '(^\.?:|:.:|:\.$|^\.$)' && echo "dot-in-path" || echo "safe-path"
matchers:
- type: word
part: response
words:
- "dot-in-path"
# digest: 4b0a004830460221009bc443da27ba4a09097561e6237be8676c76bea133bb051901740f075e5ffe6d022100b56139ecfd6da3702a70cee28aba51fbdc9dde4be9ae7742a31c020ee5bccebb:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink