this cross-protocol HTTPS/FTP attack is really interesting http://bugs.proftpd.org/show_bug.cgi?id=4143#c0 … we may face a can of x-prot worms here
@hanno no, I only looked at proftpd, vsftpd, dovecot. note that the variant without data con might be less exploitable than I thought...
@hanno iirc I didn't test the full attack w/o data con, only tested all the parts. full attack might be stopped by IE's XSS filter. sorry :/
@hanno basically, check whether sending a full HTTP POST request in one chunk using "openssl s_client" with -starttls doesn't kill the con