technique://Sudo Abuse
- Base, Linux, Tier 2, Apr 27, 2026
PHP strcmp() fed an array instead of a string returns 0 and bypasses login. A file manager upload gives shell. sudo find reads root.txt while find runs as root.
also uses: PHP Type Juggling
- Vaccine, Linux, Tier 2, Apr 27, 2026
Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.
also uses: SQLi Auth Bypass