Quoting Anoop Alias <anoopalias01 at gmail.com>: > Sir's, > > Please help me with this.I have found the following vulnerable file in the > /tmp directory of a cpanel server > > ==================================== > /tmp]# pwd > /tmp > > =================================================================== > ll > total 879 > drwxrwxrwt 2 root root 268288 Sep 23 23:23 ./ > drwx--x--x 25 root root 4096 Sep 23 21:21 ../ > -rw-r--r-- 1 root root 332 Sep 23 23:19 MAIL-HOST > lrwxrwxrwx 1 root root 30 Sep 23 23:23 mysql.sock -> > ../../var/lib/mysql/mysql.sock= > -rwsr-xr-x 1 root root 616248 Sep 23 23:23 sh*
Can you read the content of the file sh*. Is so just see what it does. If not try to run the script and read messages/logs generated. With regards M.Balakrishna Pillai
