nuclei-templates/code/linux/audit/root-path-dot.yaml
2025-08-21 12:45:03 +00:00

id: root-path-dot

info:
  name: Root PATH Contains Current Directory
  author: songyaeji
  severity: high
  description: |
    The root user's PATH environment variable includes the current directory ("."). This allows scripts or binaries in the working directory to be executed with root privileges, which can result in privilege escalation and unsafe behavior.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/
    - https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
  metadata:
    verified: true
  tags: local,linux,audit,privesc,kisa

self-contained: true

code:
  - engine:
      - sh
    source: |
      # Flag "." or an empty entry (both mean the current directory) at any position in PATH.
      echo "$PATH" | grep -Eq '(^\.?:|:\.?:|:\.?$|^\.$)' && echo "dot-in-path" || echo "safe-path"
    matchers:
      - type: word
        part: response
        words:
          - "dot-in-path"
# digest: 4b0a004830460221009bc443da27ba4a09097561e6237be8676c76bea133bb051901740f075e5ffe6d022100b56139ecfd6da3702a70cee28aba51fbdc9dde4be9ae7742a31c020ee5bccebb:922c64590222798bb761d5b6d8e72950
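
The template's regex gives a yes/no answer. The sketch below is an added example, not part of the template or the nuclei-templates project: it splits a PATH string entry by entry and reports which entries resolve against the working directory (".", an empty entry, or any relative path). The function name `audit_path` and the sample PATH are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING  (hypothetical helper, not from the template)
# Prints one line per risky entry as "index:reason:entry".
# Returns 1 if any risky entry was found, 0 otherwise.
audit_path() {
    idx=0
    bad=0
    # Append a sentinel colon so a trailing empty entry survives the split.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        idx=$((idx + 1))
        case $entry in
            '') echo "$idx:empty:";          bad=1 ;;  # empty entry means the cwd
            .)  echo "$idx:dot:$entry";      bad=1 ;;  # explicit current directory
            /*) ;;                                      # absolute path: not cwd-relative
            *)  echo "$idx:relative:$entry"; bad=1 ;;  # resolved against the cwd
        esac
    done
    return $bad
}

# Constructed sample value; on a real host pass "$PATH" from root's login shell.
sample='/usr/local/sbin:/usr/bin::bin:.'
audit_path "$sample" || echo "unsafe PATH: fix the entries listed above"
```

The index in each output line is the entry's 1-based position in PATH, which shows whether the risky entry is searched before or after the system directories.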