The ADP Elite system is an invoice/purchase order suite very common in car dealerships. It's a telnet-based system. When a user logs in via telnet, ADP dumps the user into the program, where the user can check on a vehicle's status, generate POs and ROs, etc. The program is rather large and runs on a Linux-based system. Usually FTP is running as well. A user with a valid login name/pass... eh...cough...ettercap...cough is able to upload/download things into/from their directory, usually something like /adp/home/<user>. By default there is a .profile containing this little gem:

    # ADPROOT is equivalent to REALROOT on CoRA systems
    ADPROOT=${ADPROOT:="/adp"}
    export ADPROOT

Download it, modify it to:

    # ADPROOT is equivalent to REALROOT on CoRA systems
    ADPROOT=${ADPROOT:="/"}
    export ADPROOT

then upload it.

Now log in via telnet, and bingo, now you have a $hell.

fix: chown root:root .profile

credit: rootfiend

questions/comments: [email protected]
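A check for the fix above, as an added example (not from the original advisory or from ADP): it audits a home directory's .profile for root ownership, loose write bits and a changed ADPROOT default, and goes one step beyond the stated fix by checking the directory itself. The TRUSTED_UID and EXPECTED_ROOT variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit login profiles against the advisory's fix.
# Paths follow the advisory (/adp/home/<user>/.profile, default ADPROOT "/adp").
TRUSTED_UID=${TRUSTED_UID:-0}        # owner the fix expects (root)
EXPECTED_ROOT=${EXPECTED_ROOT:-/adp} # stock ADPROOT default

# Numeric owner of a path, taken from ls so it works without GNU stat.
owner_uid() { ls -lnd "$1" | awk '{print $3}'; }

# True when the path is writable by group or other.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print one finding per line for home directory $1; return 1 if any.
audit_profile() {
    home=$1; profile=$home/.profile; bad=0
    if [ -L "$profile" ] || [ ! -f "$profile" ]; then
        echo "$profile: missing or not a regular file"; return 1
    fi
    if [ "$(owner_uid "$profile")" != "$TRUSTED_UID" ]; then
        echo "$profile: owner is not uid $TRUSTED_UID"; bad=1
    fi
    if loosely_writable "$profile"; then
        echo "$profile: group/other writable"; bad=1
    fi
    # The file is only as protected as its directory, so the directory's
    # owner and mode get the same scrutiny as the file's.
    if [ "$(owner_uid "$home")" != "$TRUSTED_UID" ] || loosely_writable "$home"; then
        echo "$home: directory writable by a non-trusted account"; bad=1
    fi
    # Last ADPROOT=${ADPROOT:=...} default in the file, quotes stripped.
    root=$(sed -n 's/^[[:space:]]*ADPROOT=\${ADPROOT:="*\([^"}]*\)"*}.*$/\1/p' \
        "$profile" | tail -n 1)
    if [ "$root" != "$EXPECTED_ROOT" ]; then
        echo "$profile: ADPROOT default is '${root:-unset}', expected '$EXPECTED_ROOT'"; bad=1
    fi
    return "$bad"
}

# Usage: sh audit.sh /adp/home/*   (with no arguments nothing is audited)
for h in "$@"; do
    [ -d "$h" ] && { audit_profile "$h" || :; }
done
```

Run it as root from cron or a configuration-management job and alert on any output; an empty result means every audited profile matches the expected state.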