Targeted exploits not one's chief worry, but just as anecdata, I've got working pre-auth HTTP POCs for Shellshock against 2 of 5 apps I run.
@roidrage Yep. From there it's a very short leap to "root the box." (n.b. Rough complexity: one line with curl.)
@patio11 oh sure, I don’t doubt that, I’m more curious what part of the app is shelling out (library vs. app code, explicit vs. implicit)
@roidrage Specifics elided but it was "a commonly used gem which wraps a commonly used library" and "a Rails deploy strategy from 2011~2012"