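id: insecure-startup-items

info:
  name: macOS World-Writable Startup Items
  author: geeknik
  severity: medium
  description: |
    Identifies world-writable startup items on macOS that can be tampered with by unprivileged users.
  impact: |
    World-writable startup items can be modified by any user on the system, potentially leading to privilege escalation or execution of malicious code.
  remediation: |
    Review and correct the permissions of world-writable startup items, for example by removing the write bit for "others" (chmod o-w) on each reported path.
  tags: macos,audit,local,security,startup

# Local audit: the check runs on the host executing the template and takes no
# target input.
self-contained: true

code:
  - engine:
      - sh
      - bash
    # Lists every regular file AND directory under the two StartupItems
    # locations whose "other" write bit is set. Directories are included
    # because write access to a directory lets any user add or replace the
    # files inside it, even when those files are not themselves writable.
    # stderr is discarded, so a missing directory produces no output and
    # therefore no match.
    source: |
      find /System/Library/StartupItems/ /Library/StartupItems/ \( -type f -o -type d \) -perm -o+w -ls 2>/dev/null
    matchers:
      # Matches one `find -ls` line: a numeric column, then the mode string.
      # The mode string is the type character (- or d), seven owner/group/
      # other-read characters, and then the "other" write bit, which must be
      # `w`. Owner and group bits are not constrained, and s/S/t/T are
      # accepted, so a file such as -r--r--rw- or -rwsr-xrwx is still reported.
      - type: regex
        regex:
          - '\d+\s+[-d][-rwxsS]{7}w[-xtT]'
# NOTE(review): the digest below was generated for the upstream text of this
# template. Any change to the template content invalidates it; re-sign the
# template (nuclei -sign) before use, since code templates are expected to
# carry a valid signature.
# digest: 4a0a00473045022100cdffabfeaa894e26f8e25b8f0e6f3eb621ef7ba02088001a384c45791c7a3be002206670aa650962df9af70ced787fa9058d9e6a5c2573bf3aca920e4eb466b3741d:922c64590222798bb761d5b6d8e72950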