Matthias Urlichs, le Thu 25 Sep 2014 21:17:58 +0200, a écrit : > Samuel Thibault: > > Sounds crazy to me. > > > Definitely. This is now out in the wild; exploits which simply replace > echo or cat-without-/bin are going to happen. :-/ That's not so easy to exploit. You have to manage to inject those precise variable names. Samuel