In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.
{
  "binaries": [
    { "binary_version": "4.00c-1ubuntu1", "binary_name": "afl" },
    { "binary_version": "4.00c-1ubuntu1", "binary_name": "afl++" },
    { "binary_version": "4.00c-1ubuntu1", "binary_name": "afl++-clang" },
    { "binary_version": "4.00c-1ubuntu1", "binary_name": "afl-clang" }
  ]
}