This symlink vulnerability allows a malicious user to serve files from anywhere on a server that has not been protected by strict OS-level permissions. The exploit, in general terms, is to create a symbolic link (e.g. public_html/fred.txt) pointing to a wp-config.php file (e.g. /home/otheracct/public_html/wp-config.php), which contains the database username and password. The linked file is then readable via a web browser. Occasionally the database credentials are also the cPanel username/password, if the user has been unwise enough to reuse them for the database.
This command finds any symlinks under the users' public_html directories and saves the output to /root/symlinks.txt:
find /home*/*/public_html -type l >> /root/symlinks.txt
After the symlink patch is applied, accessing a file owned by another user through a symlink gives a file-not-found error in the browser, and the Apache error log shows the following:
-=-
Caught race condition abuser. attacker: 677, victim: 570 open file owner: 570, open file: /home/domain/public_html/file.jpg
-=-
Here file.jpg is the symbolic link owned by the other user.
When you get the above error, change the ownership to the owner of the file,
chown realowner.realowner
and you will be able to access it.
Done
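The error-log message above can be tallied per offending uid to see which accounts keep tripping the patch and whose files they point at. This is an added example, not part of the original post: the regular expression is derived only from the one log line quoted above, and the sample log lines, uids and paths are constructed.

```python
import re
from collections import defaultdict

# Pattern built from the log message quoted above. search() is used so any
# prefix Apache adds in front of the message (timestamp, client) is ignored.
ABUSE_RE = re.compile(
    r"Caught race condition abuser\.\s+attacker:\s*(?P<attacker>\d+),\s*"
    r"victim:\s*(?P<victim>\d+)\s+open file owner:\s*(?P<owner>\d+),\s*"
    r"open file:\s*(?P<path>\S+)"
)

# Constructed sample error-log lines (uids and paths are made up).
SAMPLE_LOG = """\
[error] Caught race condition abuser. attacker: 677, victim: 570 open file owner: 570, open file: /home/domain/public_html/file.jpg
[error] File does not exist: /home/domain/public_html/favicon.ico
[error] Caught race condition abuser. attacker: 677, victim: 812 open file owner: 812, open file: /home/domain/public_html/fred.txt
[error] Caught race condition abuser. attacker: 901, victim: 570 open file owner: 570, open file: /home/other/public_html/a.txt
[error] Caught race condition abuser. attacker: 677, victim: 570 open file owner: 570, open file: /home/domain/public_html/file.jpg
"""


def summarize(log_text):
    """Group blocked symlink accesses by the uid logged as 'attacker'."""
    hits = defaultdict(lambda: {"count": 0, "victims": set(), "links": set()})
    for line in log_text.splitlines():
        m = ABUSE_RE.search(line)
        if not m:
            continue  # unrelated error-log entry
        entry = hits[int(m["attacker"])]
        entry["count"] += 1
        entry["victims"].add(int(m["victim"]))
        entry["links"].add(m["path"])
    # Busiest uid first, then by uid so the order is stable.
    return sorted(hits.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


if __name__ == "__main__":
    for uid, info in summarize(SAMPLE_LOG):
        print(f"uid {uid}: {info['count']} blocked, "
              f"victims {sorted(info['victims'])}, "
              f"links {sorted(info['links'])}")
```

A uid that appears with several different victim uids is worth checking against /root/symlinks.txt before any ownership is changed.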