Local File Enumeration in IBM AIX - exploit.company
Vendor: IBM AIX
CVSS: 5.5 (MEDIUM)
CWE: Local File Enumeration
Product Name: IBM AIX
Patch Exists: NO

Local File Enumeration in IBM AIX

The vulnerability allows local attackers to enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. An attacker can exploit this issue by using a specially crafted input to the 'getShell' or 'getCommand' function, allowing them to view files that would normally be inaccessible.

Mitigation:

No known mitigation is available at the time of writing. It is advised to monitor and restrict access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16102/info

IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see.

-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd
-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd.aa
fopen: No such file or directory
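
One way a privileged helper can avoid the existence oracle shown in the transcript above, as an added example that is not IBM's code or part of the original advisory. It assumes a POSIX.1-2008 system; the function names and the directory /usr/local/lib/commands are hypothetical. The helper accepts a single file name inside one directory and reports every failure identically.

```c
#define _POSIX_C_SOURCE 200809L /* openat, O_DIRECTORY, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define LOOKUP_FAILED (-1)

/* Accept one path component only: rejects "", ".", ".." and any '/'. */
int name_is_confined(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL;
}

/* Open `name` read-only inside `base_dir` without following a symlink.
 * A rejected name, a missing file and an unreadable file all return
 * LOOKUP_FAILED with errno cleared, so the caller has no reason to print. */
int open_confined(const char *base_dir, const char *name)
{
    int dirfd, fd = LOOKUP_FAILED;
    if (name_is_confined(name)) {
        dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
        if (dirfd >= 0) {
            fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW);
            close(dirfd);
        }
    }
    if (fd < 0) {
        errno = 0;
        return LOOKUP_FAILED;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Hypothetical directory holding the files the helper may read. */
    int fd = open_confined("/usr/local/lib/commands", argc > 1 ? argv[1] : "");
    if (fd < 0) {
        fputs("request failed\n", stderr); /* same text for every failure */
        return 1;
    }
    close(fd);
    return 0;
}
```

With this shape, both commands in the transcript produce the same "request failed" output, so the response no longer depends on whether the target path exists.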