: I think this issue popped up several times on BUGTRAQ a few years ago...
: This is a pretty interesting issue, because e.g. pine used to escape such
: characters improperly (not sure if this is still any problem, I reported
: it a while ago).

I didn't remember this issue on BUGTRAQ, but I can't point out that this is OLD-NEWS in the wild. About 3 years ago I realized this scenario and began my own search and research, and I found an excellent reference from ADM Crew.

So, if you know how to use this information you can do a lot of things.

If you want to read the ADM Crew's original issue, take a look at:
http://packetstorm.decepticons.org/groups/ADM/sploits/ADMesc

Hope this helps.

That's all,
--
# Nelson Brito
# Independent Security Consultant
# Use: perl $0 /path/to/apache/access_log
use Socket;while(<>){if($_=~/default.ida/){@_=split(/-/,$_);$n=(gethostbyaddr
(inet_aton($_[0]),PF_INET))[0];$v=$_[3]=~/\?N/?"I":"II";$HST=length($n)!=0
?$n:"unknow hostname";print"IP: $_[0] => HOST: $HST => CodeRed: v.$v\n";}}
This archive was generated by hypermail 2b30 : Sun Dec 09 2001 - 10:19:03 PST