Pages

Sunday, October 23, 2011

[Update] pWnOS v1

Two more vulnerabilities:

1, There is another vulnerability can be used to get root privilege locally, here is the exploit:

Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [3]

2, an RFI vulnerability was found at "/index1.php", the vulnerable URL is:
http://192.168.1.107/index1.php?connect=/etc/password

The bug in index1.php:
...
if($_GET['connect'] != 'true'){
    include($_GET['connect']);        //Here user's input just be used directly
}
...

No comments:

Post a Comment