C.J. Steele Tattle – Remote Command Execution

C.J. Steele Tattle – Remote Command Execution

漏洞ID 1055156 漏洞类型
发布时间 2005-06-07 更新时间 2005-06-07
图片[1]-C.J. Steele Tattle – Remote Command Execution-安全小百科CVE编号 N/A
图片[2]-C.J. Steele Tattle – Remote Command Execution-安全小百科CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25802
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/13883/info

tattle is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application.

An attacker can exploit this issue in various ways including providing a malformed user name through FTP. 

sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1'

相关推荐: Sygate Personal Firewall Pro 5.5 – Local Denial of Service

Sygate Personal Firewall Pro 5.5 – Local Denial of Service 漏洞ID 1054494 漏洞类型 发布时间 2004-06-14 更新时间 2004-06-14 CVE编号 N/A CNNVD-ID N/…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享