On Sat, Feb 05, 2005 at 02:41:35AM +0200, Lars Wirzenius wrote:
> I've looked again at Debian bug #284875 and I can't see how to reproduce
> the fourth part, either:
>
> > (4) Just about any stupid hack will work with wget. %00 bytes (see the
> > POC) and other %-escaped control characters handli
On Fri, Feb 04, 2005 at 02:57:12AM +0200, Lars Wirzenius wrote:
> I had a look at Debian bug 284875, "wget: Arbitrary file
> overwriting/appending/creating and other vulnerabilities", specifically
> about points (1) and (2) therein. I set up the proof of concept Perl
> script to run via inetd, whic
2 matches
Mail list logo
