Saturday, November 17, 2018

“#!/bin/sh id cat zot echo ok” in a test_me file in a Joomla 1.5 site.

I found a file called “zot”. Inside was text “abcdefghi”. There was also a file called “test_me”. Inside this file was “#!/bin/sh
id
cat zot
echo ok”

This is a linux bash script used to cat or create a file called zot. Must be connected to an attack.

There was another file called “open_test” with another linux bash script.

#!/bin/sh
set -x
DIR=”/home/my_website/public_html”
cd $DIR
SUSTR=”
if [[ “$UID” -eq “0” || `id -un` != ‘audio’ ]];
then
SUSTR=”sudo -u audio ”
fi
$SUSTR $DIR/test_me

0 Comments

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>