[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security Vulnerability
From: |
Andreas Schwab |
Subject: |
Re: Security Vulnerability |
Date: |
Sun, 07 Feb 2016 14:32:25 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.90 (gnu/linux) |
Rakesh Mane <rakeshmane12345@gmail.com> writes:
> In real life, if an attacker founds a command injection vulnerability in
> some system then he can use this flaw to bypass filters or waf's by simply
> uploading a file having a command as filename (example: reboot) and then by
> sending "*" as command.
Sending arbitrary commands to a shell is a security bug, but not a bug
in the shell which is working as designed.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."