search for: ffcat

...uld imagine that most people are aware of the 0x0A escape and so when they test it on their own box they think they are safe from phf exploitation. The syntax for the exploit is almost identical to the older phf exploit. To execute commands: (cat /etc/passwd) http://server.net/cgi-bin/phf?Qalias=%ffcat%20/etc/passwd I know this exploit isn''t only confided to linux, but it seems its easiest to exploit on linux. If everybody is aware of this, excuse me. It''s just that I dont think enough admins are aware of this, and they are leaving their networks very open for exploitation. Z...