From: D.C. van Moolenbroek (dc.van.moolenbroekchello.nl)
Date: Wed Apr 30 2003 - 16:49:48 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"aT4r InsaN3" wrote:
> if an attacker with axx to the system is able to modify the scriptfile he
> can modify the script and place an evil command Quote AAAAAA..SHELLCODE...
> and execute code with elevated privileges.

Yes, but since he can also use the ftp client's built-in "!" command to
execute shell commands in that case, this does not seem to be a very
realistic scenario?

Regards,

David

--
class sig{static void main(String[]s){for// D.C. van Moolenbroek
(int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL)
"Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]