EXPLOITS

C.J. Steele Tattle - Remote Command Execution

Author: b0iler
type: remote
platform: linux
port: 
date_added: 2005-06-07  
date_updated: 2013-05-29  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25802.txt  

source: https://www.securityfocus.com/bid/13883/info

tattle is affected by a remote command execution vulnerability.

An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application.

An attacker can exploit this issue in various ways including providing a malformed user name through FTP.

sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1'