1, There is another vulnerability can be used to get root privilege locally, here is the exploit:
Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [3]
2, an RFI vulnerability was found at "/index1.php", the vulnerable URL is:
http://192.168.1.107/index1.php?connect=/etc/password
The bug in index1.php:
...
if($_GET['connect'] != 'true'){
include($_GET['connect']); //Here user's input just be used directly
}
...
No comments:
Post a Comment