Re: •Re: Re: •Re: Shell Simulation via CGI

With most secrity-flawed CGI scripts, a cracker might suspect a way to execute arbitrary shell commands, but won't know for sure until he successfully does one. However, with CGI-Shell, it is obvious that it is executing shell commands, which gives a cracker much more knowledge for an attack.

Comment on Re: •Re: Re: •Re: Shell Simulation via CGI

Replies are listed 'Best First'.
Re^5: Shell Simulation via CGI by Aristotle (Chancellor) on Feb 06, 2003 at 13:20 UTC
`.htaccess`? Makeshifts last the longest.	[reply]
Re: Re^5: Shell Simulation via CGI by jryan (Vicar) on Feb 06, 2003 at 21:43 UTC
Doesn't this still involve having shell access to the account to begin with?	[reply]
Re^7: Shell Simulation via CGI by Aristotle (Chancellor) on Feb 07, 2003 at 12:54 UTC
Last I checked, `.htaccess` files can be transferred via FTP just fine. Makeshifts last the longest.	[reply]