crld
A typical race condition vulnerability.
The crld folder must be created first.
Create-Read-Link-Delete Service
Base Path: /home/crld/crld/
Commands:
Create: create test hello_world
Create Directory: create_dir test_dir
Read: read test
Link: link test test2
Delete: delete test
Command: read falg
File Doesn't Exist
Command: read flag
Illegal Operation
Command: read nouse
this is a no use file
Command:
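Tracing read flag and read nouse (a file created in advance) separately with strace shows that execution diverges after the access call. This confirms that the program contains a statement that validates the file name, and that this check can be bypassed through a race condition.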
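The fix for this class of bug is to stop deciding on the name and decide on the opened descriptor instead. The following is an added example, not the challenge's own code (its source is not shown here): the function read_checked, the demo and the names hard and soft are assumptions, and the check covers both symlinks and hard links because the page does not say which kind the link command creates.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hardened read: open first, then decide on the descriptor.
 * Returns bytes read, or -1 if the open fails or the file is the protected one. */
ssize_t read_checked(int dirfd, const char *name, const char *protected_name,
                     char *buf, size_t len) {
    struct stat got, prot;
    /* O_NOFOLLOW refuses a symlink in the final path component. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat describes the object actually opened, so relinking the name
     * afterwards cannot change the answer; dev+inode also catches hard links. */
    int denied = fstat(fd, &got) != 0 || !S_ISREG(got.st_mode) ||
        (fstatat(dirfd, protected_name, &prot, AT_SYMLINK_NOFOLLOW) == 0 &&
         got.st_dev == prot.st_dev && got.st_ino == prot.st_ino);
    ssize_t n = denied ? -1 : read(fd, buf, len);
    close(fd);
    return n;
}

/* Constructed demo in a temp dir: returns 1 if nouse is readable while flag,
 * a hard link to it and a symlink to it are all refused. */
int demo(void) {
    char dir[] = "/tmp/crld_demo_XXXXXX", buf[64];
    const char *names[] = {"flag", "nouse"};
    const char *data[] = {"secret", "this is a no use file"};
    int d;
    if (!mkdtemp(dir) || (d = open(dir, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    for (int i = 0; i < 2; i++) {
        int fd = openat(d, names[i], O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0 || write(fd, data[i], strlen(data[i])) < 0) return -1;
        close(fd);
    }
    if (linkat(d, "flag", d, "hard", 0) || symlinkat("flag", d, "soft")) return -1;
    int ok = read_checked(d, "nouse", "flag", buf, sizeof buf) == 21 &&
             read_checked(d, "flag", "flag", buf, sizeof buf) == -1 &&
             read_checked(d, "hard", "flag", buf, sizeof buf) == -1 &&
             read_checked(d, "soft", "flag", buf, sizeof buf) == -1;
    close(d);
    return ok;
}

int main(void) { printf("hardened check holds: %d\n", demo()); return 0; }
```

O_NOFOLLOW only guards the last path component, so names containing a slash still need to be rejected or resolved relative to a directory descriptor that the client cannot rearrange.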