Kloxo HostInABox 575 - local user symlink attack


There exists a symlink attack when using the "PHP Config" option in Kloxo.


Either privilege escalation to root, or the ability to corrupt files. I don't remember the exact result.

This issue pertained to the "PHP Config" option, and creating a symlink for the file it creates: /home/username/domain/.htaccess