You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Alright, I finally managed to look into this. I remember that HTB box and yes it's difficult to come up with a good example so I kept the basic technique simple and added a mini-PoC. Feel free to tell us what you think.
If ldconfig binary is suid, it would be possible to change library path loaded by other binaries in order to hijack libs.
I don't know how to create a good example to add it to the list but I think it should be added.
Here are 2 different examples:
Thanks
The text was updated successfully, but these errors were encountered: