[framework] Questions about plugin design
Nicolas Gregoire
ngregoire at exaprobe.com
Thu Sep 8 06:59:45 PDT 2005
Hello,
I'm actually writing a plugin exploiting a vulnerable Perl open(), and
I've some design questions :
- should the Check() function test that the HTTP return code is 200,
that the right headers are present or try to read a file ?
- as the vuln is a Perl open(), there's no way to directly use shell
tricks (like "telnet|sh|telnet"). How to tell the plugin that
'cmd_generic' is the only usuable payload ?
Regards,
--
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire at exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
More information about the framework
mailing list