| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTimAL6-152WuHLxHmvkAaf6aD_aeKQ@mail.gmail.com> Date: Tue, 7 Jun 2011 09:38:55 -0400 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: Marshall Whittaker <marshallwhittaker@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: New attack vector for sale, firewall bypass On Tue, Jun 7, 2011 at 6:19 AM, Marshall Whittaker <marshallwhittaker@...il.com> wrote: > Hello, > I am willing to sell a new attack vector I have devised. The proof of > concept code you will receive has the ability to arbitrarily upload files to > a webserver (tested on Apache), running linux with the well known perl read > pipe vulnerability in many web CGI applications. This issue can also be > leveraged through PHP LFI and RFI attacks, and through almost any other > remote command execution vulnerability. If you have a remote command execution vulnerability, couldn't you just leverage whatever useful binaries are available on the victim machine (perl, python, echo) to simply copy your exploit/file/etc. to disk by printing it byte-by-byte, possibly in pieces? Did I ruin the surprise? -Dan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists