9 lines
No EOL
452 B
Text
9 lines
No EOL
452 B
Text
source: http://www.securityfocus.com/bid/13883/info
|
|
|
|
tattle is affected by a remote command execution vulnerability.
|
|
|
|
An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application.
|
|
|
|
An attacker can exploit this issue in various ways including providing a malformed user name through FTP.
|
|
|
|
sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1' |