[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Symlink vulnerabilities
- To: Benjamin Renaut <benml@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] Symlink vulnerabilities
- From: vladz <vladz@xxxxxxxxxx>
- Date: Thu, 27 Oct 2011 19:34:15 +0200
On Thu, Oct 27, 2011 at 05:01:30PM +0200, Benjamin Renaut wrote:
> http://pastebin.com/FaaEsXRW
Nice thing, but for sure, it can be optimized.
For example, to save time, I would suggest you to use rename() instead
of using both unlink() and rmdir() functions. Same thing for your
write_shellcode() function, it contains too much calls. It would be
preferable to create your nasty shell script first, and then (when it's
time), rename() it as dirname.
Cheers,
--
http://vladz.devzero.fr
PGP key 8F7E2D3C from pgp.mit.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/