Rakesh Mane <[email protected]> writes: > In real life, if an attacker founds a command injection vulnerability in > some system then he can use this flaw to bypass filters or waf's by simply > uploading a file having a command as filename (example: reboot) and then by > sending "*" as command.
Sending arbitrary commands to a shell is a security bug, but not a bug in the shell which is working as designed. Andreas. -- Andreas Schwab, [email protected] GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
