poldi
Nov 15 2003, 11:22 AM
HI!
I found a page with bad checking of included files.
i tried to include a file from a remote server and succeeded.
now i can run commands via phps system() function.
the user running the commands is nobody. what can i do next to get more rights?
THX Poldi
w00dy
Nov 18 2003, 03:45 AM
Since you are 'nobody', i would suggest that you get off that machine as seeing 'nobody' accessing a machine is a sure way for an admin to catch you. Its called 'nobody' because noone should or does use that to run commands
clip
Nov 21 2003, 01:03 AM
Well you'll need a local exploit.. good luck.
ikkyu
Dec 4 2003, 08:00 PM
My advice to you is to stop immedately, and if you are feeling brave contact the administrator of the machine and inform him of the problem and request that he fix it and perhaps offer some instruction on how to fix it, this world needs fewer rooted boxes better administrators and more good samaritains, you are in a position to effect all three desireable outcomes
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
