H D Moore wrote: (....)
I have a question for the group: Would you not be able to use a plugin which requested obscene file names? Many of the names used for copies of cmd.exe are made up of obscene words, I would like to add checks for them, but am worried that certain consultants will get questioned as to why their client's web logs (or printer output) contains such language. Nothing like telling a client that they have the "Anal FTP Backdoor" installed. A vulnerability is a vulnerability I suppose, it just gets amusing come report time.
It wouldn't be an issue to me. A security vulnerability is a security vulnerability, it's already obscene so adding it an obscene file name really does not make it worst ;-)
Regards
Javi
