The online Judge's sandbox have an incorrect access control vulnerability that can write file anywhere.
User can get the directory list and write it to /tmp. At last user can leak file data by #include
The text was updated successfully, but these errors were encountered:
plusls
changed the title
There is a incorrect access control vulnerability that can write file anywhere
There is an incorrect access control vulnerability that can write file anywhere
Aug 9, 2018
The online Judge's sandbox have an incorrect access control vulnerability that can write file anywhere.
User can get the directory list and write it to /tmp. At last user can leak file data by #include
such as:
There is my test submit:
creat file
leak data
The text was updated successfully, but these errors were encountered: