crld
A typical race condition vulnerability
First, create the crld folder
Create-Read-Link-Delete Service
Base Path: /home/crld/crld/
Commands:
Create: create test hello_world
Create Directory: create_dir test_dir
Read: read test
Link: link test test2
Delete: delete test
Command: read falg
File Doesn't Exist
Command: read flag
Illegal Operation
Command: read nouse
this is a no use file
Command:
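Tracing read flag and read nouse (a file created beforehand) separately with strace shows that execution diverges after the access call. This confirms that the program contains a statement that validates the file name, which can be bypassed through a race condition.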
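
An added example, not code from the crld service or from this writeup: the check-then-use shape that the strace observation suggests (an assumption, since the service's source is not shown), beside a hardened open that validates the opened descriptor instead of the name. The function names, the temporary directory and the files in it are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Racy shape (assumed, hypothetical): check a path, then reopen it by name. */
int racy_open(const char *path) {
    if (access(path, R_OK) != 0) return -1;  /* time of check */
    return open(path, O_RDONLY);             /* time of use: name may have changed */
}

/* Hardened: open once, refuse symlinks, then validate the descriptor itself.
 * deny identifies the protected file by device and inode, not by name. */
int safe_open(int basefd, const char *name, const struct stat *deny) {
    struct stat st;
    if (strchr(name, '/')) return -1;        /* single path component only */
    int fd = openat(basefd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_dev == deny->st_dev && st.st_ino == deny->st_ino)) {
        close(fd);
        return -1;
    }
    return fd;  /* later reads use fd, never the path */
}

/* Constructed demo: bit i is set when names[i] was allowed to open. */
int demo(void) {
    const char *names[] = {"nouse", "slink", "hlink", "flag"};
    char dir[] = "/tmp/crld_demoXXXXXX";
    struct stat deny;
    int allowed = 0;
    int basefd = mkdtemp(dir) ? open(dir, O_RDONLY | O_DIRECTORY) : -1;
    if (basefd < 0) return -1;
    close(openat(basefd, "nouse", O_CREAT | O_WRONLY, 0600));
    close(openat(basefd, "flag", O_CREAT | O_WRONLY, 0600));
    if (symlinkat("flag", basefd, "slink") != 0) return -1;          /* symlink */
    if (linkat(basefd, "flag", basefd, "hlink", 0) != 0) return -1;  /* hard link */
    if (fstatat(basefd, "flag", &deny, 0) != 0) return -1;
    for (int i = 0; i < 4; i++) {
        int fd = safe_open(basefd, names[i], &deny);
        if (fd >= 0) { allowed |= 1 << i; close(fd); }
        unlinkat(basefd, names[i], 0);       /* clean up the constructed file */
    }
    close(basefd);
    rmdir(dir);
    return allowed;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

Only the ordinary file opens; the symlink is refused by O_NOFOLLOW and the hard link by the inode comparison, so no window remains between the check and the use. In a real service the deny identity would be captured once from a descriptor opened at startup.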