Privilege escalation using sourcefilename
myyxl opened this issue · comments
Marlon commented
Hi Richard,
I have found another privilege escalation but this time using the sourcefilename. When adding "../../" before the actual file name you can store the file in another directory. If you store the file into the web directory you can execute php code by doing a request to the website. After this you can patch runguard and gain root.
Here is the affected line in the source code: Link
Sincerely,
Marlon
Richard Lobb commented
Thanks again Marlon. Hopefully fixed now (version 1.6.5).