Hacker News

You do realize that your evil server could in fact send something back to your exploit to ask it to send something back to the server it connected to, right?

   evil-server
      (looks at data from client)
      (recognizes well known server app)
         (launches exploit!)

The first one that comes to mind is built-in "package updaters", where the front-end server has a well-defined way of updating its packages. Have your evil server send it "get a new version of fetch_user_passwords from here..."

