Symlink Trickery

Symlinks can sometimes be used to creatively subvert the expectations of a program and escalate privileges.

For example, let's say a cronjob is backing up files from a directory and making them world readable. If you can delete that directory and replace it with a symlink to a system folder, then you can read the system files.

Symlinks can also be useful when exploiting SUID executables and especially wildcard injections.

PreviousEscape From Restricted ShellNextWildcard Injection

Last updated