Skip to content
Advertisement

Tag: secure-coding

What is vulnerable about this C code?

The way I understand it, the code above allows arbitrary code (or program) execution — what makes this vulnerable, and how does one take advantage of this? Answer You can override the PATH variable to point to a directory with your custom version of echo and since echo is executed using env, it isn’t treated as a built-in. This constitues

Advertisement