One interesting observation we make when testing complex environments is that at the bottom of huge technology stacks, there is usually a handful of shell scripts doing interesting stuff. More often than not these helper scripts are started as part of cron jobs running as root and perform basic administrative tasks like compressing and copying log files or deleting leftover files in temporary directories. Of course, these high privileges make them an interesting target for privilege escalation attacks and one class of vulnerability we reliably encounter in shell scripts is unsafe handling of globbing or filename expansions. Continue reading “Revisiting an Old Friend: Shell Globbing”
Continue reading