Hacker News
by akrasuski1 2979 days ago
Actually, the mentioned GitList exploit hinges on yet another vulnerability: lack of distinction between command-line flags and arguments. Where the user was expected to put a "normal" name (say a-zA-Z0-9), the attacker actually supplied --flag=exploit.
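
The flag/argument confusion described in the comment above, as an added example that is not part of the original comment and not GitList's code: a hypothetical `toy-search` CLI, modelled with Python's `argparse`, shows the same string being parsed as an option or as data depending on how the caller builds argv. The tool name, the function names and the `[A-Za-z0-9]+` allow-list are assumptions for illustration.

```python
import argparse
import re

# Allow-list for the "normal" name shape mentioned in the comment (assumed).
SAFE_NAME = re.compile(r"[A-Za-z0-9]+")


def toy_cli():
    """Hypothetical stand-in for a CLI tool: one option, one positional."""
    parser = argparse.ArgumentParser(prog="toy-search")
    parser.add_argument("--flag", default=None)
    parser.add_argument("name", nargs="?", default=None)
    return parser


def parse(argv):
    """Return (flag, name) exactly as the tool would interpret argv."""
    ns = toy_cli().parse_args(argv)
    return ns.flag, ns.name


def naive_argv(user_value):
    # The value goes straight into argv, so the tool decides whether
    # it is an option or a positional argument.
    return [user_value]


def separator_only_argv(user_value):
    # "--" ends option parsing: everything after it is treated as data.
    return ["--", user_value]


def hardened_argv(user_value):
    # Defence in depth: validate the expected shape first, then still
    # pass the value after "--" in case the validation is loosened later.
    if not SAFE_NAME.fullmatch(user_value):
        raise ValueError("name must match [A-Za-z0-9]+")
    return ["--", user_value]


if __name__ == "__main__":
    constructed = "--flag=exploit"  # the string from the comment
    print("naive:    ", parse(naive_argv(constructed)))
    print("separator:", parse(separator_only_argv(constructed)))
    try:
        hardened_argv(constructed)
    except ValueError as err:
        print("hardened:  rejected,", err)
```

The `--` separator only helps when the invoked tool honours it, which is why the allow-list check comes first.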