I have a "Process" object that calls the Linux "su - myuser" command. After that, it waits for the password input, and I flush it into the process OutputStream.
My question is: is there any "command injection" that can be passed as the password value? For example, something like this:
Password:<ESCAPE> | rm -r /
or
Password:<SIGINT> | rm -r /
Password:\n \ | rm -r /
In other words, can a user pass a password value that passes another command after the password prompt?