I have found a path traversal vulnerability that allows me to read any path on the server that does not require sudo.
To fully exploit this, I would like to know which files exist in each directory so I can read them.
In other words, I can do cat /any/path, but not ls /any/path nor sudo cat /any/path. So how can I find as many files as possible to cat them (without trying all possibilities...)?
Reading special files like dev or proc, or files present on most Linux distributions is OK. For example, if I could read locate's /var/lib/mlocate/mlocate.db database the problem would be solved: but I can't because I don't have sudo.
If there is no ideal answer that lists all files, I am also interested in answers that list a large number of existing files.