|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: sd (sd
cdi.cz)Date: Wed Jun 26 2002 - 11:22:37 CDT
On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:
> Don't forget this is not a serious vulnerability in many configurations (if the
> user already has permission to run cgi scripts without suexec, SSI, etc).
>
> On Sat, Jun 22, 2002 at 09:27:48PM -0400, Michal Zalewski wrote:
> > Check out what you get - file descriptors and other goodies - and perhaps
> > it is a good time to cc: bugtraq or at least Apache guys?;-)
>
> --
> Filipe Almeida
imho it's serious for freeweb providers, they become a freeshell providers ;)
not mentioning that you can play a bit with port 80 socket, pernamently
killing all childs to put your child for some use. defacing whole webserver,
web sniffing IS possible.
-- _ __/| \'X.X' sd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]