Vulnerability Development mailing list archives
Re: character injecting on linux console
From: "Nelson Brito" <nelson () tw-award com>
Date: Tue, 9 Oct 2001 11:50:24 -0300
: I think this issue popped up several times on BUGTRAQ few years ago... : This is a pretty interesting issue, because e.g. pine used to escape such : characters improperly (not sure if this is still any problem, I reported : it a while ago). I didn't remember this issue on BUGTRAQ, but I can't point it out that this is OLD-NEWS in the wild. About 3 years ago I realized this scenario and began my own search and research, and I found a excelent reference from ADM Crew. So, if you know how to use this information you can do a lot of things. If you want read the ADM Crew's original issue, take a look at: http://packetstorm.decepticons.org/groups/ADM/sploits/ADMesc Hope this help. Sem mais, -- # Nelson Brito # Independent Security Consultat # Use: perl $0 /path/to/apache/access_log use Socket;while(<>){if($_=~/default.ida/){split(/-/,$_);$n=(gethostbyaddr (inet_aton($_[0]),PF_INET))[0];$v=$_[3]=~/\?N/?"I":"II";$HST=length($n)!=0 ?$n:"unknow hostname";print"IP: $_[0] => HOST: $HST => CodeRed: v.$v\n";}}
Current thread:
- character injecting on linux console Doru Petrescu (Dec 08)
- Re: character injecting on linux console Michael R. Rudel (Dec 08)
- Re: character injecting on linux console Michael Greenberg (Dec 08)
- Re: character injecting on linux console Michael R. Rudel (Dec 08)
- Re: character injecting on linux console Doru Petrescu (Dec 08)
- Re: character injecting on linux console Michael Greenberg (Dec 08)
- Re: character injecting on linux console Michal Zalewski (Dec 08)
- Re: character injecting on linux console Robert van der Meulen (Dec 08)
- Re: character injecting on linux console Nelson Brito (Dec 09)
- Re: character injecting on linux console Michal Zalewski (Dec 09)
- Re: character injecting on linux console Valdis . Kletnieks (Dec 10)
- Re: character injecting on linux console Michal Zalewski (Dec 10)
- Re: character injecting on linux console Michael R. Rudel (Dec 08)
- Re: character injecting on linux console Robert van der Meulen (Dec 08)
- Re: character injecting on linux console Valkai Elod (Dec 08)
- RE: character injecting on linux console DFx (Dec 08)
- RE: character injecting on linux console Dom De Vitto (Dec 09)