Table of contents
1. What is "${}":
"${}" is a function to process variables, it can take length, intercept, replace and other operations on variable values
2. Specific usage:
The variable we use for the experiment is the environment variable $PATH
The content of $PATH is as follows
1. Take the length:
Order :
echo ${#PATH}
We can see that the length of the $PATH variable is 142
2. Intercept the string
The format is:
${PATH:start:length}
- The first position of the string is 0
- The start parameter can not be added, the default is 0
- You can add the '~' symbol before the start parameter, which means starting from the end
Example one:
Order :
echo ${PATH:0:1}
从第0位开始,截取一个字符
result:
Example two:
Order :
echo ${PATH::1}
这次没加start参数,默认从0位开始
result:
Example three:
Order :
echo ${PATH: ~0:1}
从导数第0位返回1个字符
result:
3. Replace characters
Single replace:
${file/a/b}
将字符串中第一个a替换为b
Example:
Order :
echo ${PATH/usr/root}
result:
We can see that the first "usr" has changed to "root"
Full replacement:
${file//a/b}
将字符串所有的a替换为b
Example:
Order :
echo ${PATH//usr/root}
result:
We can see that all "usr" in the string becomes "root"
Four: Extended utilization
This function can be used for splicing instructions in RCE vulnerabilities . I will talk about the specific method in the next article.