On Tue, Jul 29, 2003 at 02:59:48PM +0200, Knarr, Joshua wrote:
> Recently one of our guys found a file called %p%p%p on a demo server
Could be bftpd_format_string.nasl but it tries to create directory
(not a file) "%p%p%p%p" (%p *four* times). I'm not sure if "MKD
%p%p%p%p" ftp command could end up in such a file.
I can't see "%p%p%p" anywhere else in current set of plugins (except
as a comment in rwhois_format_string2.nasl but that doesn't mean that
the string couldn't be hidden (obfuscated) in some other plugin ...
--
Martin Mačok http://underground.cz/
[EMAIL PROTECTED] http://Xtrmntr.org/ORBman/
