Rakesh Mane <rakeshmane12...@gmail.com> writes: > In real life, if an attacker founds a command injection vulnerability in > some system then he can use this flaw to bypass filters or waf's by simply > uploading a file having a command as filename (example: reboot) and then by > sending "*" as command.
Sending arbitrary commands to a shell is a security bug, but not a bug in the shell which is working as designed. Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
