
let's not be path-injectable
zardus committed Sep 1, 2024
1 parent ab3d214 commit 0f59bb1
Showing 6 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions web-security/cmdi-ls-filter/server
Expand Up @@ -39,5 +39,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
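Review bot: Pinning only `PATH` on the added `os.environ["PATH"] = ...` line leaves every other inherited environment variable in place for whatever the challenge handler spawns, so variables that change shell or loader behaviour (`IFS`, `BASH_ENV`, `LD_PRELOAD` and the like) would still reach child processes if the launcher does not already scrub them; how the server is launched and how it runs commands is outside this hunk, so this is something to confirm rather than a confirmed defect. A stricter form is to start from an empty environment, `os.environ.clear()` followed by the `PATH` assignment, or to pass an explicit `env=` to the subprocess call. The same line is added in cmdi-ls-pipe, cmdi-ls-quote, cmdi-ls-semicolon, cmdi-touch-blind and level-2, so the point applies to all six servers. A short comment such as `# fixed PATH: commands run by the handler must resolve to system binaries, not caller-chosen directories` above the assignment would record why it is there.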
1 change: 1 addition & 0 deletions web-security/cmdi-ls-pipe/server
Expand Up @@ -28,5 +28,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
1 change: 1 addition & 0 deletions web-security/cmdi-ls-quote/server
Expand Up @@ -28,5 +28,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
1 change: 1 addition & 0 deletions web-security/cmdi-ls-semicolon/server
Expand Up @@ -28,5 +28,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
1 change: 1 addition & 0 deletions web-security/cmdi-touch-blind/server
Expand Up @@ -27,5 +27,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
1 change: 1 addition & 0 deletions web-security/level-2/server
Expand Up @@ -28,5 +28,6 @@ def challenge():
"""

os.setuid(os.geteuid())
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
app.secret_key = os.urandom(8)
app.run("challenge.localhost", 8080 if os.geteuid() else 80)
