Dot (.) In PATH

Example of a vulnerable PATH. Note the dot in the front:

.:/usr/bin:/usr/local/sbin

If a user named admin has the above PATH and you place a malicious executable named ls in a directory that admin frequently visits, then the next time admin types ls while in that directory, the shell finds ./ls before /usr/bin/ls and executes your program.

If the dot is at the end of the PATH, exploitation is slightly more difficult: /usr/bin/ls is found before ./ls, so the real /usr/bin/ls is executed instead of your malicious ./ls. In that case, you can add a ./sl executable and hope that the admin user makes a typo.
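A defender-side check for the weakness described above, written here as an added example (it is not code from the original page): it walks a PATH value and reports every entry the shell would resolve against the current working directory, with its position, since position decides whether the entry shadows system commands or is only reached on a typo. It goes slightly beyond the page's dot case, because an empty entry (a leading or trailing colon, or "::") and any other relative entry behave exactly like "."; the function name path_cwd_entries and the output format are my own.

```shell
#!/bin/sh
# Added example (not from the original page): audit a PATH value for entries
# that the shell resolves against the current working directory. "." is the
# obvious case; an empty entry (leading ":", trailing ":" or "::") and any
# other relative entry (e.g. "bin" or "./tools") behave the same way and are
# easy to miss when eyeballing the variable.
#
# Prints one line per risky entry with its 1-based position in PATH. Position
# is the priority: a risky entry before /usr/bin shadows every system command,
# one at the end is only reached for names nothing earlier provides (a typo
# such as "sl", or a command that is not installed).
# Returns 0 when PATH is clean, 1 when at least one risky entry was found.
path_cwd_entries() {
    rest="$1:"      # trailing ":" so an empty final field is also seen
    pos=0
    risky=0
    while [ -n "$rest" ]; do
        pos=$((pos + 1))
        entry="${rest%%:*}"   # field before the first ":"
        rest="${rest#*:}"     # drop that field and the ":" after it
        case "$entry" in
            /*) ;;            # absolute path: looked up independently of cwd
            *)
                printf 'entry %d "%s": resolves relative to the current directory\n' \
                    "$pos" "$entry"
                risky=$((risky + 1))
                ;;
        esac
    done
    [ "$risky" -eq 0 ]
}

# Audit a PATH value passed on the command line, e.g.:  sh audit_path.sh "$PATH"
[ $# -eq 0 ] || path_cwd_entries "$1"
```

Run it against the page's example value to see "entry 1" flagged; with the dot moved to the end it reports "entry 3", which is the lower-priority (typo-only) case.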