HTB STARTING POINT · Tier 2

Base

PHP strcmp() fed an array instead of a string returns 0 and bypasses login. A file manager upload gives a shell. sudo find reads root.txt while find runs as root.…

April 27, 2026 · 3 min · crAIzy
PHP Type Juggling · Sudo Abuse

HTB STARTING POINT · Tier 2

Vaccine

Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.…

April 27, 2026 · 3 min · crAIzy
SQLi Auth Bypass · Sudo Abuse