With all this hype around shellshock I have several questions I would like somebody to explain to me. I found: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

1/ The first thing I wonder about: I see no privilege escalation or memory leak being mentioned. When I have access to the shell there is no additional risk. The extra command is run with my credentials, in a way that I could also have typed myself. Correct?

2/ This limits the impact of vulnerabilities to access methods in which you are not expected to use a shell. I see the web service Apache being mentioned as an example. It could also be a remote login, that easy way of taking over a machine (RAT). That is because identification/authentication is missing. Correct? Of course the web interface is an important one.

3/ The observed problem is of the type "code injection". Not an unknown attack option, a very classic one. https://www.owasp.org/index.php/Code_Injection and more dedicated ...