Hacker News
by patio11 4288 days ago
I think you underestimate attack vectors. d6c477a79ea7a633c2bb0e358e32399c1b18eb7d <-- Will ruin 1+ HNers' day sooner rather than later if they don't patch. Successful exploit doesn't require the exploit writer even knowing that vector existed to say nothing of successfully guessing a URL.
2 comments

What does "d6c477a79ea7a633c2bb0e358e32399c1b18eb7d" mean?

Also, I'm learning about this and am primarily concerned about the possibility of remote exploits -- if a web server returns 404 for an invalid URL, how does the attack vector work if the exploit writer does not successfully guess a URL? Thanks.

It is probably a SHA hash of a one-liner proof of concept that he has that he doesn't want to reveal as yet, but wants to prove that he was talking about at a later date.
Take for example your favorite web app server, Rails, Django, etc., whatever it may be. (Not saying these are necessarily exploitable, but potentially.)

Now imagine that for EVERY request, no matter if it is a valid path or not, one of the things it does is load all of the headers for the request into bash variables...
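The scenario supposed in the comment above, as an added example that is not part of the thread: a hypothetical server that exports request headers to a child shell's environment before it decides whether the path exists, so a 404 still delivers the header values to that process. The `handle` and `cgi_env` functions, the `ALLOWED` allowlist, the `X-Demo` header and its value are all constructed for illustration; the `HTTP_*` naming follows the CGI convention in RFC 3875.

```python
import subprocess

# Hypothetical allowlist of header names the child process really needs.
ALLOWED = {"HOST", "ACCEPT"}

def cgi_env(headers, allow=None):
    """Map request headers to CGI-style HTTP_* variables (RFC 3875 naming)."""
    env = {"PATH": "/usr/bin:/bin"}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        # With no allowlist, every client-supplied header is exported.
        if allow is None or key in allow:
            env["HTTP_" + key] = value
    return env

def handle(path, headers, routes, allow=None):
    """Hypothetical server: exports headers to a child shell on every
    request, before it has decided whether the path exists."""
    out = subprocess.run(["/bin/sh", "-c", "env"],
                         env=cgi_env(headers, allow),
                         capture_output=True, text=True, check=True).stdout
    # What the child shell actually received in its environment.
    child = dict(line.split("=", 1) for line in out.splitlines() if "=" in line)
    status = 200 if path in routes else 404
    return status, child

if __name__ == "__main__":
    routes = {"/stuff/cgi/webapp"}
    hdrs = {"Host": "example.com", "X-Demo": "constructed-value"}  # constructed
    print(handle("/no/such/page", hdrs, routes))                 # header reaches the shell
    print(handle("/no/such/page", hdrs, routes, allow=ALLOWED))  # header filtered out
```

The request for an unrouted path returns 404 in both calls; only the allowlisted call keeps the unrecognised header out of the child's environment.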

> Successful exploit doesn't require the exploit writer even knowing that vector existed to say nothing of successfully guessing a URL.

I'm not following. My CGI application is at example.com/stuff/cgi/webapp

So now the attack doesn't need to append /stuff/cgi/webapp? It can just point to example.com? How does that work?